182.23.116.39
{
"scan_id": 1764431206,
"ip": "182.23.116.39",
"is_ipv4": true,
"is_ipv6": false,
"location": {
"network": "182.23.112.0/20",
"postal_code": "44151",
"coordinates": {
"latitude": "-7.178",
"longitude": "107.2814"
},
"geo_point": "-7.178, 107.2814",
"locale_code": "en",
"continent": "Asia",
"country_code": "ID",
"country_name": "Indonesia",
"city": "Babakangarut"
},
"location_updated_at": "2025-12-01T08:48:52Z",
"asn": {
"number": "AS4800",
"organization": "PT Aplikanusa Lintasarta",
"country_code": ""
},
"asn_updated_at": "0001-01-01T00:00:00Z",
"whois": {
"network": "182.23.0.0/17",
"organization": "Route Object of PT Aplikanusa Lintasarta",
"descr": "Route Object of PT Aplikanusa Lintasarta,\nISP,\nMH Thamrin Kav 3,\nMenara Thamrin Bulding 12th Floor,\nJakarta 10250",
"_encoding": {
"raw": "BASE64"
}
},
"whois_updated_at": "2024-12-09T11:26:54Z",
"tags": [
{
"name": "is_anonymous_proxy",
"pretty_name": "Anonymous Proxy",
"value": false,
"last_updated_at": "2025-12-01T08:48:52Z"
},
{
"name": "is_cdn",
"pretty_name": "CDN",
"value": false,
"last_updated_at": "2025-12-01T11:30:17Z"
},
{
"name": "is_satellite_provider",
"pretty_name": "Satellite Provider",
"value": false,
"last_updated_at": "2025-12-01T08:48:52Z"
}
],
"services": [
{
"port": 21,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-12-02T21:07:21.187Z"
},
{
"port": 25,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-28T18:20:46.662Z"
},
{
"port": 80,
"protocol": "tcp",
"name": "http",
"version": "2.2.15",
"product": "Apache httpd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:apache:http_server:2.2.15",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "2\\.2\\.15",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<!doctype html>\n<html lang=\"en\">\n<head>\n<meta charset=\"UTF-8\" />\n<title>Travira Air - Phoenix Server</title>\n<link rel=\"stylesheet\" href=\"_css/style.css\"/>\n<link rel=\"icon\" type=\"image/png\" href=\"favicon.png\">\n</head>\n\n<body>\n<div id=\"main\">\n<h1></h1>\n<h3>app.travira-air.com</h3>\n<p>Current PHP version: 5.6.40</p>\n<p>\n<pre>System hostname: phoenix.travira-air.com\nKernel and CPU: Linux 2.6.32-754.35.1.el6.x86_64 on x86_64\n#1 SMP Sat Nov 7 12:42:14 UTC 2020\nLinux\nArray\n(\n)\n</pre></p>\n<div style=\"background-image:url(_css/powered.png); background-repeat:no-repeat; background-position:center; height:115px\">\n</div>\n</div>\n</div>\n</body>\n</html>",
"body_murmur": 1966930468,
"body_sha256": "fa914c86d19a23525be64963bb61dc0200ffa975ed6ed531d61a3a41cb33fff8",
"component": [
"CentOS",
"Apache HTTP Server:2.2.15"
],
"content_length": 647,
"favicon": {
"md5_hash": "99013a819a1d5674210f4382b56bde78",
"murmur_hash": -1456592467,
"path": "http://app.travira-air.com:80/favicon.png",
"size": 6925
},
"headers": {
"cache_control": [
"no-store, no-cache, must-revalidate, post-check=0, pre-check=0"
],
"content_length": [
"647"
],
"content_type": [
"text/html; charset=UTF-8"
],
"date": [
"Sun, 30 Nov 2025 07:53:41 GMT"
],
"expires": [
"Thu, 19 Nov 1981 08:52:00 GMT"
],
"pragma": [
"no-cache"
],
"server": [
"Apache/2.2.15 (CentOS)"
],
"set_cookie": [
"PHPSESSID=fhq166modlerrj93vcbedtj8h1; path=/"
],
"x_powered_by": [
"PHP/5.6.40"
]
},
"protocol": "HTTP/1.1",
"redirects": [
{
"body": "<!DOCTYPE HTML PUBLIC \"-//IETF//DTD HTML 2.0//EN\">\n<html><head>\n<title>302 Found</title>\n</head><body>\n<h1>Found</h1>\n<p>The document has moved <a href=\"https://app.travira-air.com/\">here</a>.</p>\n<hr>\n<address>Apache/2.2.15 (CentOS) Server at 182.23.116.39 Port 80</address>\n</body></html>\n",
"body_murmur": -1842410830,
"body_sha256": "9018342fb6b60fdf85a18067d23e69b066168a26be49620e907aff536ef5345b",
"content_length": 291,
"headers": {
"content_length": [
"291"
],
"content_type": [
"text/html; charset=iso-8859-1"
],
"date": [
"Sun, 30 Nov 2025 07:53:40 GMT"
],
"location": [
"https://app.travira-air.com/"
],
"server": [
"Apache/2.2.15 (CentOS)"
]
},
"location": "https://app.travira-air.com/",
"protocol": "HTTP/1.1",
"status_code": 302,
"status_line": "302 Found"
}
],
"request": {
"headers": {
"accept": [
"*/*"
],
"referer": [
"http://182.23.116.39"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "app.travira-air.com",
"path": "/",
"scheme": "https"
}
},
"status_code": 200,
"title": "Travira Air - Phoenix Server"
}
},
"cve": [
{
"id": "CVE-2006-20001",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2008-0455",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2009-3560",
"score": 5,
"severity": "medium"
}
],
"url": "http://182.23.116.39/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-30T07:53:42.959Z"
},
{
"port": 110,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-30T19:19:44.933Z"
},
{
"port": 143,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-28T08:48:38.93Z"
},
{
"port": 443,
"protocol": "tcp",
"name": "http",
"version": "2.2.15",
"product": "Apache httpd",
"extra_info": "(CentOS)",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:apache:http_server:2.2.15",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "2\\.2\\.15",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<!DOCTYPE html PUBLIC \"-//W3C//DTD XHTML 1.0 Strict//EN\" \"http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd\">\r\n<html lang=\"en\" xml:lang=\"en\" xmlns=\"http://www.w3.org/1999/xhtml\">\r\n <head>\r\n <title>Response denied by WatchGuard HTTP Proxy</title> \r\n <style type=\"text/css\">\r\n body {\r\n font-family: Arial, Helvetica, Verdana, Sans-Serif;\r\n font-size: small; \r\n font-weight: normal; \r\n color: #000000;\r\n }\r\n div { \r\n margin-left: auto; \r\n margin-right: auto; \r\n text-align: center;\r\n }\r\n .box { \r\n width: 600px;\r\n background-color: #F2F2F2; \r\n border-left: solid 1px #C2C2C2; \r\n border-right: solid 1px #C2C2C2; \r\n vertical-align: middle;\r\n padding: 20px 10px 20px 10px;\r\n }\r\n p {\r\n text-align: left;\r\n }\r\n .red {\r\n font-weight: bold;\r\n color: Red;\r\n text-align: center;\r\n }\r\n .band { \r\n height: 20px;\r\n color: White;\r\n background: #333333;\r\n width: 600px;\r\n border-left: solid 1px #333333;\r\n border-right: solid 1px #333333;\r\n padding: 3px 10px 0px 10px;\r\n }\r\n div#wrap {\r\n margin-top: 50px;\r\n }\r\n </style>\r\n </head>\r\n <body> \r\n <div id=\"wrap\">\r\n <div class=\"band\"></div>\r\n <div class=\"box\" style=\"word-wrap:break-word;\">\r\n <p class=\"red\">Response denied by WatchGuard HTTP Proxy.</p>\r\n <p><b> Reason: </b> header-block invalid </p>\r\n <p>Please contact your administrator for assistance.</p>\r\n <p>More Details:</p>\r\n <p><b>Method:</b> GET</p>\r\n <p><b>Host:</b> 182.23.116.39:443</p>\r\n <p><b>Path:</b> /</p> \r\n </div>\r\n <div class=\"band\">WatchGuard Technologies, Inc.</div>\r\n </div>\r\n \r\n</body>\r\n</html>",
"body_murmur": 151886363,
"body_sha256": "23c675ae9c14e4e1544789aee052695c06a292d8e14266fd0ca6a0ae19d1496d",
"content_length": -1,
"headers": {
"content_type": [
"text/html; charset=\"utf-8\""
]
},
"protocol": "HTTP/1.0",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "182.23.116.39:443",
"path": "",
"scheme": "http"
}
},
"status_code": 502,
"title": "Response denied by WatchGuard HTTP Proxy"
},
"tls": {
"certificate": {
"extensions": {
"authority_info_access": {
"issuer_urls": [
"http://cacerts.geotrust.com/GeoTrustTLSRSACAG1.crt"
],
"ocsp_urls": [
"http://status.geotrust.com"
]
},
"authority_key_id": "944fd45d8be4a4e2a680fefdd8f900efa3be0257",
"basic_constraints": {
"is_ca": true
},
"certificate_policies": [
{
"cps": [
"http://www.digicert.com/CPS"
],
"id": "2.23.140.1.2.2"
}
],
"crl_distribution_points": [
"http://cdp.geotrust.com/GeoTrustTLSRSACAG1.crl"
],
"ct_precert_scts": "Signed Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : 0E:57:94:BC:F3:AE:A9:3E:33:1B:2C:99:07:B3:F7:90:\n DF:9B:C2:3D:71:32:25:DD:21:A9:25:AC:61:C5:4E:21\n Timestamp : Jun 2 04:23:30.005 2025 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:46:02:21:00:B0:2B:F6:DE:30:6F:12:DC:AF:27:2B:\n A5:77:F4:7D:B3:0D:77:DB:D5:01:30:5A:62:A3:38:54:\n 7D:D7:74:14:1D:02:21:00:A2:9D:E2:DA:89:2D:76:91:\n 94:DB:F0:2A:D6:F3:DC:81:12:4D:CF:62:71:63:71:CC:\n E2:85:9D:1F:44:A6:88:69\nSigned Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : 64:11:C4:6C:A4:12:EC:A7:89:1C:A2:02:2E:00:BC:AB:\n 4F:28:07:D4:1E:35:27:AB:EA:FE:D5:03:C9:7D:CD:F0\n Timestamp : Jun 2 04:23:30.051 2025 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:45:02:21:00:BD:DE:BD:DA:CC:F5:67:69:49:11:07:\n 47:5C:C9:E0:1B:67:D7:E5:A5:B7:46:EA:DF:BC:08:EE:\n 63:E3:4C:4E:37:02:20:16:B1:F6:F7:56:07:33:20:75:\n 3C:AB:85:27:9E:1C:36:67:86:B3:6C:A8:D7:C8:84:E0:\n EB:7B:CF:FB:D5:45:BD\nSigned Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : 49:9C:9B:69:DE:1D:7C:EC:FC:36:DE:CD:87:64:A6:B8:\n 5B:AF:0A:87:80:19:D1:55:52:FB:E9:EB:29:DD:F8:C3\n Timestamp : Jun 2 04:23:30.072 2025 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:45:02:21:00:E0:C3:96:E8:09:59:F4:14:34:0C:CA:\n 50:A2:BA:56:AA:4A:4F:39:78:6B:69:DA:FF:4A:70:D8:\n 9E:6E:1B:3A:13:02:20:34:65:0B:EC:C7:FA:29:7E:94:\n A8:73:6E:B5:07:3D:85:73:15:E8:6E:F2:AA:5E:99:42:\n 8A:63:6F:B4:5B:7F:50",
"extended_key_usage": {
"any": false,
"apple_code_signing": false,
"apple_code_signing_development": false,
"apple_code_signing_third_party": false,
"apple_crypto_development_env": false,
"apple_crypto_env": false,
"apple_crypto_maintenance_env": false,
"apple_crypto_production_env": false,
"apple_crypto_qos": false,
"apple_crypto_test_env": false,
"apple_crypto_tier0_qos": false,
"apple_crypto_tier1_qos": false,
"apple_crypto_tier2_qos": false,
"apple_crypto_tier3_qos": false,
"apple_ichat_encryption": false,
"apple_ichat_signing": false,
"apple_resource_signing": false,
"apple_software_update_signing": false,
"apple_system_identity": false,
"client_auth": true,
"code_signing": false,
"dvcs": false,
"eap_over_lan": false,
"eap_over_ppp": false,
"email_protection": false,
"ipsec_end_system": false,
"ipsec_intermediate_system_usage": false,
"ipsec_tunnel": false,
"ipsec_user": false,
"microsoft_ca_exchange": false,
"microsoft_cert_trust_list_signing": false,
"microsoft_csp_signature": false,
"microsoft_document_signing": false,
"microsoft_drm": false,
"microsoft_drm_individualization": false,
"microsoft_efs_recovery": false,
"microsoft_embedded_nt_crypto": false,
"microsoft_encrypted_file_system": false,
"microsoft_enrollment_agent": false,
"microsoft_kernel_mode_code_signing": false,
"microsoft_key_recovery_21": false,
"microsoft_key_recovery_3": false,
"microsoft_license_server": false,
"microsoft_licenses": false,
"microsoft_lifetime_signing": false,
"microsoft_mobile_device_software": false,
"microsoft_nt5_crypto": false,
"microsoft_oem_whql_crypto": false,
"microsoft_qualified_subordinate": false,
"microsoft_root_list_signer": false,
"microsoft_server_gated_crypto": false,
"microsoft_sgc_serialized": false,
"microsoft_smart_display": false,
"microsoft_smartcard_logon": false,
"microsoft_system_health": false,
"microsoft_system_health_loophole": false,
"microsoft_timestamp_signing": false,
"microsoft_whql_crypto": false,
"netscape_server_gated_crypto": false,
"ocsp_signing": false,
"sbgp_cert_aa_service_auth": false,
"server_auth": true,
"time_stamping": false
},
"key_usage": {
"certificate_sign": false,
"content_commitment": false,
"crl_sign": false,
"data_encipherment": false,
"decipher_only": false,
"digital_signature": true,
"encipher_only": false,
"key_agreement": false,
"key_encipherment": true
},
"subject_alt_name": {
"dns_names": [
"*.travira-air.com",
"travira-air.com"
]
},
"subject_key_id": "1a8d3ab06acdb1100a89d7d1f114ebdac36af150"
},
"fingerprint_md5": "490159798BF9DDD6932F1197FF5BC83A",
"fingerprint_sha1": "73DB17EF2CD194FC5D242FDC1F3DD9AEE8532F7C",
"fingerprint_sha256": "9382F8CCD55ABCB10402A90066819B1879A2BDCAE57FF878EC3B98C5F1297F51",
"issuer": {
"common_name": [
"GeoTrust TLS RSA CA G1"
],
"country": [
"US"
],
"organization": [
"DigiCert Inc"
],
"organizational_unit": [
"www.digicert.com"
]
},
"issuer_dn": "/C=US/O=DigiCert Inc/OU=www.digicert.com/CN=GeoTrust TLS RSA CA G1",
"jarm": "05d02d20d21d20d05c05d02d05d20d74fcf6501ae7a92319e575bfafd2a827",
"redacted": false,
"revocation": {
"crl": {
"next_update": "2025-12-05T23:06:20",
"reason": "UNKNOWN",
"revoked": false
},
"ocsp": {
"next_update": "2025-12-06T16:21:02",
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "16022431899509438945859866180805155917",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": false,
"value": "OWE0OWQ4ODZhNzM0OTkyMWZmOTg4YjhkYzNkZWRiMjVlZTM4ODUzODZkYzhkNGQxZDI1N2MxYTI4ZGI3MTFhY2JjZjAzMzdmOGJlZGEwOTBkZjJhZjZjZjhmYjVlM2U4N2YxMDAzMTljMjk1ZTkxMTVkOWI1NjY0ZTRiNTJlODdlYTYyYThjMjcwNTFhYzU3NmVlNmZjNjU5MTM1MTJiMGM4MDE1YjQwNTM5NjI3OTA3OWVhYmIxZWU0NTc0MmI0MjZkODNkNTFmYzMwZGZhZTIzNTZmZmI3ZDc1OGMzNDA1NzliNmFjNDUzOWY1MDdlM2Y0ZGI3MWYxOWI2MTNlZDE0MzZjY2IxZWQyZTM2ODE4NmZhMWUwMjk5NGEzYTM1ZDMxYWJlOTY2NmZmNjI0MTAwZTA2NjU4MGUxZjc1NjI0ZWFlNGJkZTNjNzRkZWYzYmUyMzM2OWE1YzlhMzg4NjFmZjNmNjNkNjVkM2JkYjE0MDdkYTY0NDZiYzVhMmU2YzBkNDc5NWZhNGE0OWMwN2Q4MWFmMDA3MDVmNWM2ZDQyZGU4NGYyZDViOGI2MmU1MjA4NmJlMmU1ZTcxN2YyM2Q5M2E1MDY1YjQxOTQ3YmJlYTFmNWZmNTc0YmRlMjM0MzQ0MmFkMWZmYmVmODdmZmI3YWFkNGRkM2E1ZGY1ZjI="
},
"signed_certificate_timestamps": [
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "0e5794bcf3aea93e331b2c9907b3f790df9bc23d713225dd21a925ac61c54e21",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "3046022100b02bf6de306f12dcaf272ba577f47db30d77dbd501305a62a338547dd774141d022100a29de2da892d769194dbf02ad6f3dc81124dcf62716371cce2859d1f44a68869"
},
"timestamp": "2025-06-02T04:23:30.005000",
"version": "v1"
},
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "6411c46ca412eca7891ca2022e00bcab4f2807d41e3527abeafed503c97dcdf0",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "3045022100bddebddaccf56769491107475cc9e01b67d7e5a5b746eadfbc08ee63e34c4e37022016b1f6f756073320753cab85279e1c366786b36ca8d7c884e0eb7bcffbd545bd"
},
"timestamp": "2025-06-02T04:23:30.051000",
"version": "v1"
},
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "499c9b69de1d7cecfc36decd8764a6b85baf0a878019d15552fbe9eb29ddf8c3",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "3045022100e0c396e80959f414340cca50a2ba56aa4a4f39786b69daff4a70d89e6e1b3a13022034650becc7fa297e94a8736eb5073d857315e86ef2aa5e99428a636fb45b7f50"
},
"timestamp": "2025-06-02T04:23:30.072000",
"version": "v1"
}
],
"signed_certificate_timestamps_oid": "1.3.6.1.4.1.11129.2.4.2",
"subject": {
"common_name": [
"*.travira-air.com"
],
"country": [
"ID"
],
"locality": [
"Jakarta Selatan"
],
"organization": [
"PT Travira Air"
],
"province": [
"Daerah Khusus Ibukota Jakarta"
]
},
"subject_alt_name": {
"dns_names": [
"*.travira-air.com",
"travira-air.com"
],
"extended_dns_names": [
{
"domain": "travira-air",
"fld": "travira-air.com",
"subdomain": "*",
"tld": "com"
},
{
"domain": "travira-air",
"fld": "travira-air.com",
"tld": "com"
}
]
},
"subject_dn": "/C=ID/ST=Daerah Khusus Ibukota Jakarta/L=Jakarta Selatan/O=PT Travira Air/CN=*.travira-air.com",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "d3987f6923bf0e11025c71ba0487c039c3044aebfaeceea71e347c37eda7cc15",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048,
"modulus": "MHhlYTRkNjhkZTI2NWQ3ODk0OThkYWE0MTYyM2I2NDJjZjg1MTBlNTRiZmNmN2Q0NjUxOWQxZjE1NGNmZWUzZTQ5ZDAyZDRlMTQzMjdhYWJiZjBlNjM1OGQ4Njk2OTI5NzZkNjk1MjhlMjQ5NjdhZTUzYWI5OTk2ZjA5YjM3ZDliNjIzYmZjZTlmMzJhMWNmYmMzYjA5NjUxNTYwMmI4M2M3MGE2OWJiNDgzZTJmODQyMWFjNDAyYTA2OTI4MzhjYjJkMjVjYjFhNzM5MzE3M2FiYTFmOTg5MTUxZmRiMWRkZThiMzIzYTdjZGQ0NDczODE2NDg2NDdmYTY0ZWZjYmIxZjgyNDAxNTIxNGNjYjU2ZTljOTZjMzU1ZTFjNDUwMmQ1ZTJhMDJkYTFkZmMxYzdmYzNhNzA0YmUzNjI2YTE2OGI0YzY5ZjVkYmNiZTllZDYzMjc2MDM4NzdhYTkwODMzOGU0ZmQ4MTY0NGMxNWVhMzdlYjEyYjA0NTBhMWNiYjBiODMzNWUwMzJjMGMzOTM1MTFhZTY2YzY1YThkN2I3OWE5N2YxMDc4NWEyZjNhODU1NWQzNzZjMWEwN2JkYzljYTZjMDViMzJjNmY1MWFlMDA2N2E4NWZhNWYyZWYyYjhhYzU5OWI5ZjI2YTU3MWM0NzQ0NTVmOTU3MTk3OTUxNw=="
}
},
"tbs_fingerprint": "210fdf232aa4765d0899d2c63e6f2c738cab6ec1be0f245bb20fc0f0669648ed",
"tbs_noct_fingerprint": "edf51ca980fc7a95250e9b8b6e3d391afb1c6f7178cbf1f77bdd914a66e8f311",
"validation_level": "OV",
"validity": {
"length_seconds": 30153600,
"not_after": "2026-05-16T23:59:59",
"not_before": "2025-06-02T00:00:00"
},
"version": 2
},
"fingerprint_sha256": "9382F8CCD55ABCB10402A90066819B1879A2BDCAE57FF878EC3B98C5F1297F51",
"precert": false,
"raw": "MIIGnTCCBYWgAwIBAgIQDA3O4h0JY3KFFLUNuCdcTTANBgkqhkiG9w0BAQsFADBgMQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQuY29tMR8wHQYDVQQDExZHZW9UcnVzdCBUTFMgUlNBIENBIEcxMB4XDTI1MDYwMjAwMDAwMFoXDTI2MDUxNjIzNTk1OVowgYQxCzAJBgNVBAYTAklEMSYwJAYDVQQIEx1EYWVyYWggS2h1c3VzIElidWtvdGEgSmFrYXJ0YTEYMBYGA1UEBxMPSmFrYXJ0YSBTZWxhdGFuMRcwFQYDVQQKEw5QVCBUcmF2aXJhIEFpcjEaMBgGA1UEAwwRKi50cmF2aXJhLWFpci5jb20wggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDqTWjeJl14lJjapBYjtkLPhRDlS/z31GUZ0fFUz+4+SdAtThQyequ/DmNY2GlpKXbWlSjiSWeuU6uZlvCbN9m2I7/OnzKhz7w7CWUVYCuDxwppu0g+L4QhrEAqBpKDjLLSXLGnOTFzq6H5iRUf2x3eizI6fN1Ec4Fkhkf6ZO/LsfgkAVIUzLVunJbDVeHEUC1eKgLaHfwcf8OnBL42JqFotMafXby+ntYydgOHeqkIM45P2BZEwV6jfrErBFChy7C4M14DLAw5NRGuZsZajXt5qX8QeFovOoVV03bBoHvcnKbAWzLG9RrgBnqF+l8u8risWZufJqVxxHRFX5Vxl5UXAgMBAAGjggMsMIIDKDAfBgNVHSMEGDAWgBSUT9Rdi+Sk4qaA/v3Y+QDvo74CVzAdBgNVHQ4EFgQUGo06sGrNsRAKidfR8RTr2sNq8VAwLQYDVR0RBCYwJIIRKi50cmF2aXJhLWFpci5jb22CD3RyYXZpcmEtYWlyLmNvbTA+BgNVHSAENzA1MDMGBmeBDAECAjApMCcGCCsGAQUFBwIBFhtodHRwOi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgWgMB0GA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjA/BgNVHR8EODA2MDSgMqAwhi5odHRwOi8vY2RwLmdlb3RydXN0LmNvbS9HZW9UcnVzdFRMU1JTQUNBRzEuY3JsMHYGCCsGAQUFBwEBBGowaDAmBggrBgEFBQcwAYYaaHR0cDovL3N0YXR1cy5nZW90cnVzdC5jb20wPgYIKwYBBQUHMAKGMmh0dHA6Ly9jYWNlcnRzLmdlb3RydXN0LmNvbS9HZW9UcnVzdFRMU1JTQUNBRzEuY3J0MAwGA1UdEwEB/wQCMAAwggF/BgorBgEEAdZ5AgQCBIIBbwSCAWsBaQB3AA5XlLzzrqk+MxssmQez95Dfm8I9cTIl3SGpJaxhxU4hAAABly7hWdUAAAQDAEgwRgIhALAr9t4wbxLcrycrpXf0fbMNd9vVATBaYqM4VH3XdBQdAiEAop3i2oktdpGU2/Aq1vPcgRJNz2JxY3HM4oWdH0SmiGkAdgBkEcRspBLsp4kcogIuALyrTygH1B41J6vq/tUDyX3N8AAAAZcu4VoDAAAEAwBHMEUCIQC93r3azPVnaUkRB0dcyeAbZ9flpbdG6t+8CO5j40xONwIgFrH291YHMyB1PKuFJ54cNmeGs2yo18iE4Ot7z/vVRb0AdgBJnJtp3h187Pw23s2HZKa4W68Kh4AZ0VVS++nrKd34wwAAAZcu4VoYAAAEAwBHMEUCIQDgw5boCVn0FDQMylCiulaqSk85eGtp2v9KcNiebhs6EwIgNGUL7Mf6KX6UqHNutQc9hXMV6G7yql6ZQopjb7Rbf1AwDQYJKoZIhvcNAQELBQADggEBAJpJ2IanNJkh/5iLjcPe2yXuOIU4bcjU0dJXwaKNtxGsvPAzf4vtoJDfKvbPj7Xj6H8QAxnClekRXZtWZOS1LofqYqjCcFGsV27m/GWRNRKwyAFbQFOWJ5B56rse5FdCtCbYPVH8MN+uI1b/t9dYw0BXm2rEU59Qfj9Ntx8ZthPtFDbMse0uNoGG+h4CmUo6NdMavpZm/2JBAOBmWA4fdWJOrkvePHTe874jNppcmjiGH/P2PWXTvbFAfaZEa8Wi5sDUeV+kpJwH2BrwBwX1xtQt6E8tW4ti5SCGvi5ecX8j2TpQZbQZR7vqH1/1dL3iNDRCrR/774f/t6rU3Tpd9fI=",
"tags": [
"ov",
"trusted"
]
}
},
"cve": [
{
"id": "CVE-2006-20001",
"score": 7.5,
"severity": "high"
},
{
"id": "CVE-2008-0455",
"score": 4.3,
"severity": "medium"
},
{
"id": "CVE-2009-3560",
"score": 5,
"severity": "medium"
}
],
"url": "https://182.23.116.39/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-30T00:28:13.917Z"
},
{
"port": 445,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-30T02:54:55.41Z"
},
{
"port": 465,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-12-01T11:31:22.279Z"
},
{
"port": 587,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-19T02:02:04.624Z"
},
{
"port": 993,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-12-02T00:10:56.215Z"
},
{
"port": 995,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-28T07:26:06.653Z"
},
{
"port": 1234,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-12-01T18:46:32.715Z"
},
{
"port": 1434,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-12-02T16:19:35.612Z"
},
{
"port": 1911,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-12-02T04:53:05.348Z"
},
{
"port": 2181,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-12-02T16:49:18.719Z"
},
{
"port": 2525,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-12-02T15:07:12.457Z"
},
{
"port": 4891,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-12-01T06:02:33.046Z"
},
{
"port": 5000,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-25T20:59:51.024Z"
},
{
"port": 5060,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-29T20:59:04.802Z"
},
{
"port": 6443,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-30T04:57:36.867Z"
},
{
"port": 8080,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-30T16:17:14.904Z"
},
{
"port": 8086,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-26T02:59:11.879Z"
},
{
"port": 8087,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-07T09:43:10.523Z"
},
{
"port": 8500,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-12-02T11:25:17.326Z"
},
{
"port": 9042,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-12-02T14:23:11.957Z"
},
{
"port": 9092,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-12-01T19:18:08.401Z"
},
{
"port": 10250,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-12-01T01:49:39.844Z"
},
{
"port": 11211,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-05T13:20:17.32Z"
},
{
"port": 11434,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-24T09:29:45.679Z"
},
{
"port": 15671,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-20T07:24:00.27Z"
},
{
"port": 15672,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-05T11:56:54.213Z"
},
{
"port": 20000,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-30T12:00:44.388Z"
},
{
"port": 27017,
"protocol": "tcp",
"name": "unknown",
"version": "",
"product": "",
"extra_info": "",
"tunnel": "",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-05T06:32:54.202Z"
}
],
"services_hash": "15caf9372941f0ec32782110e49577bb83f375af28e13caccee6b51ceb4d3d71",
"last_updated_at": "2025-12-02T21:07:21.187Z",
"banner": [
"http",
"tls"
],
"is_vuln": true,
"cveDetails": {
"CVE-2006-20001": {
"id": "CVE-2006-20001",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://security.netapp.com/advisory/ntap-20230316-0005/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "A carefully crafted If: request header can cause a memory read, or write of a single zero byte, in a pool (heap) memory location beyond the header value sent. This could cause the process to crash.\n\nThis issue affects Apache HTTP Server 2.4.54 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-787"
},
"CVE-2008-0455": {
"id": "CVE-2008-0455",
"references": [
"http://rhn.redhat.com/errata/RHSA-2012-1591.html",
"http://rhn.redhat.com/errata/RHSA-2012-1592.html",
"http://rhn.redhat.com/errata/RHSA-2012-1594.html",
"http://rhn.redhat.com/errata/RHSA-2013-0130.html",
"http://secunia.com/advisories/29348",
"http://secunia.com/advisories/51607",
"http://security.gentoo.org/glsa/glsa-200803-19.xml",
"http://securityreason.com/securityalert/3575",
"http://securitytracker.com/id?1019256",
"http://www.mindedsecurity.com/MSA01150108.html",
"http://www.securityfocus.com/archive/1/486847/100/0/threaded",
"http://www.securityfocus.com/bid/27409",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/39867",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 4.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Cross-site scripting (XSS) vulnerability in the mod_negotiation module in the Apache HTTP Server 2.2.6 and earlier in the 2.2.x series, 2.0.61 and earlier in the 2.0.x series, and 1.3.39 and earlier in the 1.3.x series allows remote authenticated users to inject arbitrary web script or HTML by uploading a file with a name containing XSS sequences and a file extension, which leads to injection within a (1) \"406 Not Acceptable\" or (2) \"300 Multiple Choices\" HTTP response when the extension is omitted in a request for the file.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-79"
},
"CVE-2009-3560": {
"id": "CVE-2009-3560",
"references": [
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165",
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165",
"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",
"http://lists.vmware.com/pipermail/security-announce/2010/000082.html",
"http://mail.python.org/pipermail/expat-bugs/2009-November/002846.html",
"http://marc.info/?l=bugtraq&m=130168502603566&w=2",
"http://secunia.com/advisories/37537",
"http://secunia.com/advisories/38231",
"http://secunia.com/advisories/38794",
"http://secunia.com/advisories/38832",
"http://secunia.com/advisories/38834",
"http://secunia.com/advisories/39478",
"http://secunia.com/advisories/41701",
"http://secunia.com/advisories/43300",
"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026",
"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1",
"http://www.debian.org/security/2009/dsa-1953",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:316",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.securityfocus.com/bid/37203",
"http://www.securitytracker.com/id?1023278",
"http://www.ubuntu.com/usn/USN-890-1",
"http://www.ubuntu.com/usn/USN-890-6",
"http://www.vupen.com/english/advisories/2010/0528",
"http://www.vupen.com/english/advisories/2010/0896",
"http://www.vupen.com/english/advisories/2010/1107",
"http://www.vupen.com/english/advisories/2011/0359",
"https://bugzilla.redhat.com/show_bug.cgi?id=533174",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10613",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12942",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6883",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00394.html",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html",
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?r1=1.164&r2=1.165",
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmlparse.c?view=log#rev1.165",
"http://lists.opensuse.org/opensuse-security-announce/2010-01/msg00007.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",
"http://lists.vmware.com/pipermail/security-announce/2010/000082.html",
"http://mail.python.org/pipermail/expat-bugs/2009-November/002846.html",
"http://marc.info/?l=bugtraq&m=130168502603566&w=2",
"http://secunia.com/advisories/37537",
"http://secunia.com/advisories/38231",
"http://secunia.com/advisories/38794",
"http://secunia.com/advisories/38832",
"http://secunia.com/advisories/38834",
"http://secunia.com/advisories/39478",
"http://secunia.com/advisories/41701",
"http://secunia.com/advisories/43300",
"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026",
"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1",
"http://www.debian.org/security/2009/dsa-1953",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:316",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.securityfocus.com/bid/37203",
"http://www.securitytracker.com/id?1023278",
"http://www.ubuntu.com/usn/USN-890-1",
"http://www.ubuntu.com/usn/USN-890-6",
"http://www.vupen.com/english/advisories/2010/0528",
"http://www.vupen.com/english/advisories/2010/0896",
"http://www.vupen.com/english/advisories/2010/1107",
"http://www.vupen.com/english/advisories/2011/0359",
"https://bugzilla.redhat.com/show_bug.cgi?id=533174",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10613",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12942",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6883",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00394.html",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The big2_toUtf8 function in lib/xmltok.c in libexpat in Expat 2.0.1, as used in the XML-Twig module for Perl, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with malformed UTF-8 sequences that trigger a buffer over-read, related to the doProlog function in lib/xmlparse.c, a different vulnerability than CVE-2009-2625 and CVE-2009-3720.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-119"
},
"CVE-2009-3720": {
"id": "CVE-2009-3720",
"references": [
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch",
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?view=log",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051228.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051247.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051367.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051405.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051442.html",
"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",
"http://lists.vmware.com/pipermail/security-announce/2010/000082.html",
"http://mail.python.org/pipermail/expat-bugs/2009-January/002781.html",
"http://marc.info/?l=bugtraq&m=130168502603566&w=2",
"http://secunia.com/advisories/37324",
"http://secunia.com/advisories/37537",
"http://secunia.com/advisories/37925",
"http://secunia.com/advisories/38050",
"http://secunia.com/advisories/38231",
"http://secunia.com/advisories/38794",
"http://secunia.com/advisories/38832",
"http://secunia.com/advisories/38834",
"http://secunia.com/advisories/39478",
"http://secunia.com/advisories/41701",
"http://secunia.com/advisories/42326",
"http://secunia.com/advisories/42338",
"http://secunia.com/advisories/43300",
"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026",
"http://sourceforge.net/tracker/index.php?func=detail&aid=1990430&group_id=10127&atid=110127",
"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1",
"http://svn.python.org/view?view=rev&revision=74429",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:211",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:212",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:215",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:216",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:217",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:218",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:219",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:220",
"http://www.openwall.com/lists/oss-security/2009/08/21/2",
"http://www.openwall.com/lists/oss-security/2009/08/26/3",
"http://www.openwall.com/lists/oss-security/2009/08/26/4",
"http://www.openwall.com/lists/oss-security/2009/08/27/6",
"http://www.openwall.com/lists/oss-security/2009/09/06/1",
"http://www.openwall.com/lists/oss-security/2009/10/22/5",
"http://www.openwall.com/lists/oss-security/2009/10/22/9",
"http://www.openwall.com/lists/oss-security/2009/10/23/2",
"http://www.openwall.com/lists/oss-security/2009/10/23/6",
"http://www.openwall.com/lists/oss-security/2009/10/26/3",
"http://www.openwall.com/lists/oss-security/2009/10/28/3",
"http://www.redhat.com/support/errata/RHSA-2010-0002.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.securitytracker.com/id?1023160",
"http://www.ubuntu.com/usn/USN-890-1",
"http://www.ubuntu.com/usn/USN-890-6",
"http://www.vupen.com/english/advisories/2010/0528",
"http://www.vupen.com/english/advisories/2010/0896",
"http://www.vupen.com/english/advisories/2010/1107",
"http://www.vupen.com/english/advisories/2010/3035",
"http://www.vupen.com/english/advisories/2010/3053",
"http://www.vupen.com/english/advisories/2010/3061",
"http://www.vupen.com/english/advisories/2011/0359",
"https://bugs.gentoo.org/show_bug.cgi?id=280615",
"https://bugzilla.redhat.com/show_bug.cgi?id=531697",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11019",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12719",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7112",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01274.html",
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?r1=1.13&r2=1.15&view=patch",
"http://expat.cvs.sourceforge.net/viewvc/expat/expat/lib/xmltok_impl.c?view=log",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051228.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051247.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051367.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051405.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-November/051442.html",
"http://lists.opensuse.org/opensuse-security-announce/2009-11/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-05/msg00002.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html",
"http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html",
"http://lists.vmware.com/pipermail/security-announce/2010/000082.html",
"http://mail.python.org/pipermail/expat-bugs/2009-January/002781.html",
"http://marc.info/?l=bugtraq&m=130168502603566&w=2",
"http://secunia.com/advisories/37324",
"http://secunia.com/advisories/37537",
"http://secunia.com/advisories/37925",
"http://secunia.com/advisories/38050",
"http://secunia.com/advisories/38231",
"http://secunia.com/advisories/38794",
"http://secunia.com/advisories/38832",
"http://secunia.com/advisories/38834",
"http://secunia.com/advisories/39478",
"http://secunia.com/advisories/41701",
"http://secunia.com/advisories/42326",
"http://secunia.com/advisories/42338",
"http://secunia.com/advisories/43300",
"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.486026",
"http://sourceforge.net/tracker/index.php?func=detail&aid=1990430&group_id=10127&atid=110127",
"http://sunsolve.sun.com/search/document.do?assetkey=1-66-273630-1",
"http://svn.python.org/view?view=rev&revision=74429",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:211",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:212",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:215",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:216",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:217",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:218",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:219",
"http://www.mandriva.com/security/advisories?name=MDVSA-2009:220",
"http://www.openwall.com/lists/oss-security/2009/08/21/2",
"http://www.openwall.com/lists/oss-security/2009/08/26/3",
"http://www.openwall.com/lists/oss-security/2009/08/26/4",
"http://www.openwall.com/lists/oss-security/2009/08/27/6",
"http://www.openwall.com/lists/oss-security/2009/09/06/1",
"http://www.openwall.com/lists/oss-security/2009/10/22/5",
"http://www.openwall.com/lists/oss-security/2009/10/22/9",
"http://www.openwall.com/lists/oss-security/2009/10/23/2",
"http://www.openwall.com/lists/oss-security/2009/10/23/6",
"http://www.openwall.com/lists/oss-security/2009/10/26/3",
"http://www.openwall.com/lists/oss-security/2009/10/28/3",
"http://www.redhat.com/support/errata/RHSA-2010-0002.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.securitytracker.com/id?1023160",
"http://www.ubuntu.com/usn/USN-890-1",
"http://www.ubuntu.com/usn/USN-890-6",
"http://www.vupen.com/english/advisories/2010/0528",
"http://www.vupen.com/english/advisories/2010/0896",
"http://www.vupen.com/english/advisories/2010/1107",
"http://www.vupen.com/english/advisories/2010/3035",
"http://www.vupen.com/english/advisories/2010/3053",
"http://www.vupen.com/english/advisories/2010/3061",
"http://www.vupen.com/english/advisories/2011/0359",
"https://bugs.gentoo.org/show_bug.cgi?id=280615",
"https://bugzilla.redhat.com/show_bug.cgi?id=531697",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2295080a257bad27ea68ca0af12fc715577f9e84801eae116a33107e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/reb7c64aeea604bf948467d9d1cab8ff23fa7d002be1964bcc275aae7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11019",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12719",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A7112",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00370.html",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg00413.html",
"https://www.redhat.com/archives/fedora-package-announce/2009-December/msg01274.html"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The updatePosition function in lib/xmltok_impl.c in libexpat in Expat 2.0.1, as used in Python, PyXML, w3c-libwww, and other software, allows context-dependent attackers to cause a denial of service (application crash) via an XML document with crafted UTF-8 sequences that trigger a buffer over-read, a different vulnerability than CVE-2009-2625.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2010-1452": {
"id": "CVE-2010-1452",
"references": [
"http://blogs.sun.com/security/entry/cve_2010_1452_mod_dav",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html",
"http://marc.info/?l=apache-announce&m=128009718610929&w=2",
"http://marc.info/?l=bugtraq&m=129190899612998&w=2",
"http://marc.info/?l=bugtraq&m=129190899612998&w=2",
"http://marc.info/?l=bugtraq&m=133355494609819&w=2",
"http://marc.info/?l=bugtraq&m=133355494609819&w=2",
"http://secunia.com/advisories/42367",
"http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.467395",
"http://support.apple.com/kb/HT4581",
"http://ubuntu.com/usn/usn-1021-1",
"http://www.redhat.com/support/errata/RHSA-2010-0659.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.redhat.com/support/errata/RHSA-2011-0897.html",
"http://www.vupen.com/english/advisories/2010/2218",
"http://www.vupen.com/english/advisories/2010/3064",
"http://www.vupen.com/english/advisories/2011/0291",
"https://issues.apache.org/bugzilla/show_bug.cgi?id=49246",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11683",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12341",
"http://blogs.sun.com/security/entry/cve_2010_1452_mod_dav",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html",
"http://marc.info/?l=apache-announce&m=128009718610929&w=2",
"http://marc.info/?l=bugtraq&m=129190899612998&w=2",
"http://marc.info/?l=bugtraq&m=129190899612998&w=2",
"http://marc.info/?l=bugtraq&m=133355494609819&w=2",
"http://marc.info/?l=bugtraq&m=133355494609819&w=2",
"http://secunia.com/advisories/42367",
"http://slackware.com/security/viewer.php?l=slackware-security&y=2010&m=slackware-security.467395",
"http://support.apple.com/kb/HT4581",
"http://ubuntu.com/usn/usn-1021-1",
"http://www.redhat.com/support/errata/RHSA-2010-0659.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.redhat.com/support/errata/RHSA-2011-0897.html",
"http://www.vupen.com/english/advisories/2010/2218",
"http://www.vupen.com/english/advisories/2010/3064",
"http://www.vupen.com/english/advisories/2011/0291",
"https://issues.apache.org/bugzilla/show_bug.cgi?id=49246",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11683",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12341"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The (1) mod_cache and (2) mod_dav modules in the Apache HTTP Server 2.2.x before 2.2.16 allow remote attackers to cause a denial of service (process crash) via a request that lacks a path.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-Other"
},
"CVE-2010-1623": {
"id": "CVE-2010-1623",
"references": [
"http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html",
"http://marc.info/?l=bugtraq&m=130168502603566&w=2",
"http://secunia.com/advisories/41701",
"http://secunia.com/advisories/42015",
"http://secunia.com/advisories/42361",
"http://secunia.com/advisories/42367",
"http://secunia.com/advisories/42403",
"http://secunia.com/advisories/42537",
"http://secunia.com/advisories/43211",
"http://secunia.com/advisories/43285",
"http://security-tracker.debian.org/tracker/CVE-2010-1623",
"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828",
"http://svn.apache.org/viewvc?view=revision&revision=1003492",
"http://svn.apache.org/viewvc?view=revision&revision=1003493",
"http://svn.apache.org/viewvc?view=revision&revision=1003494",
"http://svn.apache.org/viewvc?view=revision&revision=1003495",
"http://svn.apache.org/viewvc?view=revision&revision=1003626",
"http://ubuntu.com/usn/usn-1021-1",
"http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601",
"http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601",
"http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3",
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:192",
"http://www.redhat.com/support/errata/RHSA-2010-0950.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.redhat.com/support/errata/RHSA-2011-0897.html",
"http://www.securityfocus.com/bid/43673",
"http://www.ubuntu.com/usn/USN-1022-1",
"http://www.vupen.com/english/advisories/2010/2556",
"http://www.vupen.com/english/advisories/2010/2557",
"http://www.vupen.com/english/advisories/2010/2806",
"http://www.vupen.com/english/advisories/2010/3064",
"http://www.vupen.com/english/advisories/2010/3065",
"http://www.vupen.com/english/advisories/2010/3074",
"http://www.vupen.com/english/advisories/2011/0358",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12800",
"http://blogs.sun.com/security/entry/cve_2010_1623_memory_leak",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049885.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2010-October/049939.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html",
"http://marc.info/?l=bugtraq&m=130168502603566&w=2",
"http://secunia.com/advisories/41701",
"http://secunia.com/advisories/42015",
"http://secunia.com/advisories/42361",
"http://secunia.com/advisories/42367",
"http://secunia.com/advisories/42403",
"http://secunia.com/advisories/42537",
"http://secunia.com/advisories/43211",
"http://secunia.com/advisories/43285",
"http://security-tracker.debian.org/tracker/CVE-2010-1623",
"http://slackware.com/security/viewer.php?l=slackware-security&y=2011&m=slackware-security.627828",
"http://svn.apache.org/viewvc?view=revision&revision=1003492",
"http://svn.apache.org/viewvc?view=revision&revision=1003493",
"http://svn.apache.org/viewvc?view=revision&revision=1003494",
"http://svn.apache.org/viewvc?view=revision&revision=1003495",
"http://svn.apache.org/viewvc?view=revision&revision=1003626",
"http://ubuntu.com/usn/usn-1021-1",
"http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601",
"http://www-01.ibm.com/support/docview.wss?uid=swg1PM31601",
"http://www.apache.org/dist/apr/CHANGES-APR-UTIL-1.3",
"http://www.mandriva.com/security/advisories?name=MDVSA-2010:192",
"http://www.redhat.com/support/errata/RHSA-2010-0950.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.redhat.com/support/errata/RHSA-2011-0897.html",
"http://www.securityfocus.com/bid/43673",
"http://www.ubuntu.com/usn/USN-1022-1",
"http://www.vupen.com/english/advisories/2010/2556",
"http://www.vupen.com/english/advisories/2010/2557",
"http://www.vupen.com/english/advisories/2010/2806",
"http://www.vupen.com/english/advisories/2010/3064",
"http://www.vupen.com/english/advisories/2010/3065",
"http://www.vupen.com/english/advisories/2010/3074",
"http://www.vupen.com/english/advisories/2011/0358",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A12800"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Memory leak in the apr_brigade_split_line function in buckets/apr_brigade.c in the Apache Portable Runtime Utility library (aka APR-util) before 1.3.10, as used in the mod_reqtimeout module in the Apache HTTP Server and other software, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors related to the destruction of an APR bucket.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-119"
},
"CVE-2010-2068": {
"id": "CVE-2010-2068",
"references": [
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://lists.apple.com/archives/security-announce/2011/Mar/msg00006.html",
"http://mail-archives.apache.org/mod_mbox/httpd-announce/201006.mbox/%3C4C12933D.4060400%40apache.org%3E",
"http://marc.info/?l=apache-announce&m=128009718610929&w=2",
"http://secunia.com/advisories/40206",
"http://secunia.com/advisories/40824",
"http://secunia.com/advisories/41480",
"http://secunia.com/advisories/41490",
"http://secunia.com/advisories/41722",
"http://securitytracker.com/id?1024096",
"http://support.apple.com/kb/HT4581",
"http://www-01.ibm.com/support/docview.wss?uid=nas352ca0ac9460f9b8886257777005dd0e4",
"http://www.apache.org/dist/httpd/patches/apply_to_2.2.15/CVE-2010-2068-r953616.patch",
"http://www.apache.org/dist/httpd/patches/apply_to_2.3.5/CVE-2010-2068-r953418.patch",
"http://www.ibm.com/support/docview.wss?uid=swg1PM16366",
"http://www.itrc.hp.com/service/cki/docDisplay.do?docId=emr_na-c02512995",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html",
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.securityfocus.com/archive/1/511809/100/0/threaded",
"http://www.securityfocus.com/bid/40827",
"http://www.vupen.com/english/advisories/2010/1436",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/59413",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad2acee3ab838b52c04a0698b1728a9a43467bf365bd481c993c535d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11491",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A6931"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "mod_proxy_http.c in mod_proxy_http in the Apache HTTP Server 2.2.9 through 2.2.15, 2.3.4-alpha, and 2.3.5-alpha on Windows, NetWare, and OS/2, in certain configurations involving proxy worker pools, does not properly detect timeouts, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request.",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2011-0419": {
"id": "CVE-2011-0419",
"references": [
"http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22",
"http://cxib.net/stuff/apache.fnmatch.phps",
"http://cxib.net/stuff/apr_fnmatch.txts",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html",
"http://marc.info/?l=bugtraq&m=131551295528105&w=2",
"http://marc.info/?l=bugtraq&m=131551295528105&w=2",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://secunia.com/advisories/44490",
"http://secunia.com/advisories/44564",
"http://secunia.com/advisories/44574",
"http://secunia.com/advisories/48308",
"http://securityreason.com/achievement_securityalert/98",
"http://securityreason.com/securityalert/8246",
"http://securitytracker.com/id?1025527",
"http://support.apple.com/kb/HT5002",
"http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902",
"http://svn.apache.org/viewvc?view=revision&revision=1098188",
"http://svn.apache.org/viewvc?view=revision&revision=1098799",
"http://www.apache.org/dist/apr/Announcement1.x.html",
"http://www.apache.org/dist/apr/CHANGES-APR-1.4",
"http://www.apache.org/dist/httpd/Announcement2.2.html",
"http://www.debian.org/security/2011/dsa-2237",
"http://www.mail-archive.com/dev%40apr.apache.org/msg23960.html",
"http://www.mail-archive.com/dev%40apr.apache.org/msg23961.html",
"http://www.mail-archive.com/dev%40apr.apache.org/msg23976.html",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:084",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"http://www.redhat.com/support/errata/RHSA-2011-0507.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.redhat.com/support/errata/RHSA-2011-0897.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=703390",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804",
"http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/gen/fnmatch.c#rev1.22",
"http://cxib.net/stuff/apache.fnmatch.phps",
"http://cxib.net/stuff/apr_fnmatch.txts",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html",
"http://marc.info/?l=bugtraq&m=131551295528105&w=2",
"http://marc.info/?l=bugtraq&m=131551295528105&w=2",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://secunia.com/advisories/44490",
"http://secunia.com/advisories/44564",
"http://secunia.com/advisories/44574",
"http://secunia.com/advisories/48308",
"http://securityreason.com/achievement_securityalert/98",
"http://securityreason.com/securityalert/8246",
"http://securitytracker.com/id?1025527",
"http://support.apple.com/kb/HT5002",
"http://svn.apache.org/viewvc/apr/apr/branches/1.4.x/strings/apr_fnmatch.c?r1=731029&r2=1098902",
"http://svn.apache.org/viewvc?view=revision&revision=1098188",
"http://svn.apache.org/viewvc?view=revision&revision=1098799",
"http://www.apache.org/dist/apr/Announcement1.x.html",
"http://www.apache.org/dist/apr/CHANGES-APR-1.4",
"http://www.apache.org/dist/httpd/Announcement2.2.html",
"http://www.debian.org/security/2011/dsa-2237",
"http://www.mail-archive.com/dev%40apr.apache.org/msg23960.html",
"http://www.mail-archive.com/dev%40apr.apache.org/msg23961.html",
"http://www.mail-archive.com/dev%40apr.apache.org/msg23976.html",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:084",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fnmatch.c#rev1.15",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"http://www.redhat.com/support/errata/RHSA-2011-0507.html",
"http://www.redhat.com/support/errata/RHSA-2011-0896.html",
"http://www.redhat.com/support/errata/RHSA-2011-0897.html",
"https://bugzilla.redhat.com/show_bug.cgi?id=703390",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14638",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14804"
],
"score": 4.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Stack consumption vulnerability in the fnmatch implementation in apr_fnmatch.c in the Apache Portable Runtime (APR) library before 1.4.3 and the Apache HTTP Server before 2.2.18, and in fnmatch.c in libc in NetBSD 5.1, OpenBSD 4.8, FreeBSD, Apple Mac OS X 10.6, Oracle Solaris 10, and Android, allows context-dependent attackers to cause a denial of service (CPU and memory consumption) via *? sequences in the first argument, as demonstrated by attacks against mod_autoindex in httpd.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"weakness": "CWE-770"
},
"CVE-2011-3192": {
"id": "CVE-2011-3192",
"references": [
"http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html",
"http://blogs.oracle.com/security/entry/security_alert_for_cve_2011",
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html",
"http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD%40minotaur.apache.org%3e",
"http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g%40mail.gmail.com%3e",
"http://marc.info/?l=bugtraq&m=131551295528105&w=2",
"http://marc.info/?l=bugtraq&m=131551295528105&w=2",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://marc.info/?l=bugtraq&m=133477473521382&w=2",
"http://marc.info/?l=bugtraq&m=133477473521382&w=2",
"http://marc.info/?l=bugtraq&m=133951357207000&w=2",
"http://marc.info/?l=bugtraq&m=133951357207000&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://osvdb.org/74721",
"http://seclists.org/fulldisclosure/2011/Aug/175",
"http://secunia.com/advisories/45606",
"http://secunia.com/advisories/45937",
"http://secunia.com/advisories/46000",
"http://secunia.com/advisories/46125",
"http://secunia.com/advisories/46126",
"http://securitytracker.com/id?1025960",
"http://support.apple.com/kb/HT5002",
"http://www.apache.org/dist/httpd/Announcement2.2.html",
"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml",
"http://www.exploit-db.com/exploits/17696",
"http://www.gossamer-threads.com/lists/apache/dev/401638",
"http://www.kb.cert.org/vuls/id/405811",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:130",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html",
"http://www.redhat.com/support/errata/RHSA-2011-1245.html",
"http://www.redhat.com/support/errata/RHSA-2011-1294.html",
"http://www.redhat.com/support/errata/RHSA-2011-1300.html",
"http://www.redhat.com/support/errata/RHSA-2011-1329.html",
"http://www.redhat.com/support/errata/RHSA-2011-1330.html",
"http://www.redhat.com/support/errata/RHSA-2011-1369.html",
"http://www.securityfocus.com/bid/49303",
"http://www.ubuntu.com/usn/USN-1199-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=732928",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/69396",
"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"https://issues.apache.org/bugzilla/show_bug.cgi?id=51714",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827",
"http://archives.neohapsis.com/archives/fulldisclosure/2011-08/0285.html",
"http://blogs.oracle.com/security/entry/security_alert_for_cve_2011",
"http://lists.apple.com/archives/Security-announce/2011//Oct/msg00003.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00006.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00009.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00010.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-09/msg00011.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00008.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html",
"http://mail-archives.apache.org/mod_mbox/httpd-announce/201108.mbox/%3c20110824161640.122D387DD%40minotaur.apache.org%3e",
"http://mail-archives.apache.org/mod_mbox/httpd-dev/201108.mbox/%3cCAAPSnn2PO-d-C4nQt_TES2RRWiZr7urefhTKPWBC1b+K1Dqc7g%40mail.gmail.com%3e",
"http://marc.info/?l=bugtraq&m=131551295528105&w=2",
"http://marc.info/?l=bugtraq&m=131551295528105&w=2",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://marc.info/?l=bugtraq&m=133477473521382&w=2",
"http://marc.info/?l=bugtraq&m=133477473521382&w=2",
"http://marc.info/?l=bugtraq&m=133951357207000&w=2",
"http://marc.info/?l=bugtraq&m=133951357207000&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://osvdb.org/74721",
"http://seclists.org/fulldisclosure/2011/Aug/175",
"http://secunia.com/advisories/45606",
"http://secunia.com/advisories/45937",
"http://secunia.com/advisories/46000",
"http://secunia.com/advisories/46125",
"http://secunia.com/advisories/46126",
"http://securitytracker.com/id?1025960",
"http://support.apple.com/kb/HT5002",
"http://www.apache.org/dist/httpd/Announcement2.2.html",
"http://www.cisco.com/en/US/products/products_security_advisory09186a0080b90d73.shtml",
"http://www.exploit-db.com/exploits/17696",
"http://www.gossamer-threads.com/lists/apache/dev/401638",
"http://www.kb.cert.org/vuls/id/405811",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:130",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/alert-cve-2011-3192-485304.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2012-366304.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2011-330135.html",
"http://www.redhat.com/support/errata/RHSA-2011-1245.html",
"http://www.redhat.com/support/errata/RHSA-2011-1294.html",
"http://www.redhat.com/support/errata/RHSA-2011-1300.html",
"http://www.redhat.com/support/errata/RHSA-2011-1329.html",
"http://www.redhat.com/support/errata/RHSA-2011-1330.html",
"http://www.redhat.com/support/errata/RHSA-2011-1369.html",
"http://www.securityfocus.com/bid/49303",
"http://www.ubuntu.com/usn/USN-1199-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=732928",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/69396",
"https://help.ecostruxureit.com/display/public/UADCE725/Security+fixes+in+StruxureWare+Data+Center+Expert+v7.6.0",
"https://issues.apache.org/bugzilla/show_bug.cgi?id=51714",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14762",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14824",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18827"
],
"score": 7.8,
"services": [
"80/http"
],
"severity": "high",
"summary": "The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"weakness": "CWE-400"
},
"CVE-2011-3348": {
"id": "CVE-2011-3348",
"references": [
"http://community.jboss.org/message/625307",
"http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21",
"http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html",
"http://marc.info/?l=bugtraq&m=131731002122529&w=2",
"http://marc.info/?l=bugtraq&m=132033751509019&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://secunia.com/advisories/46013",
"http://support.apple.com/kb/HT5130",
"http://www.apache.org/dist/httpd/Announcement2.2.html",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:168",
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"http://www.redhat.com/support/errata/RHSA-2011-1391.html",
"http://www.securityfocus.com/bid/49616",
"http://www.securitytracker.com/id?1026054",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/69804",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14941",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18154"
],
"score": 4.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary \"error state\" in the backend server) via a malformed HTTP request.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"weakness": "CWE-400"
},
"CVE-2011-3368": {
"id": "CVE-2011-3368",
"references": [
"http://kb.juniper.net/JSA10585",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://osvdb.org/76079",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://seclists.org/fulldisclosure/2011/Oct/232",
"http://seclists.org/fulldisclosure/2011/Oct/273",
"http://secunia.com/advisories/46288",
"http://secunia.com/advisories/46414",
"http://secunia.com/advisories/48551",
"http://support.apple.com/kb/HT5501",
"http://svn.apache.org/viewvc?view=revision&revision=1179239",
"http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt",
"http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42",
"http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48",
"http://www.contextis.com/research/blog/reverseproxybypass/",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.exploit-db.com/exploits/17969",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:144",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.redhat.com/support/errata/RHSA-2011-1391.html",
"http://www.redhat.com/support/errata/RHSA-2011-1392.html",
"http://www.securityfocus.com/bid/49957",
"http://www.securitytracker.com/id?1026144",
"https://bugzilla.redhat.com/show_bug.cgi?id=740045",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/70336",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"http://kb.juniper.net/JSA10585",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://osvdb.org/76079",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://seclists.org/fulldisclosure/2011/Oct/232",
"http://seclists.org/fulldisclosure/2011/Oct/273",
"http://secunia.com/advisories/46288",
"http://secunia.com/advisories/46414",
"http://secunia.com/advisories/48551",
"http://support.apple.com/kb/HT5501",
"http://svn.apache.org/viewvc?view=revision&revision=1179239",
"http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt",
"http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42",
"http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48",
"http://www.contextis.com/research/blog/reverseproxybypass/",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.exploit-db.com/exploits/17969",
"http://www.mandriva.com/security/advisories?name=MDVSA-2011:144",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.redhat.com/support/errata/RHSA-2011-1391.html",
"http://www.redhat.com/support/errata/RHSA-2011-1392.html",
"http://www.securityfocus.com/bid/49957",
"http://www.securitytracker.com/id?1026144",
"https://bugzilla.redhat.com/show_bug.cgi?id=740045",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/70336",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.",
"vector_string": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"weakness": "CWE-20"
},
"CVE-2011-3607": {
"id": "CVE-2011-3607",
"references": [
"http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0023.html",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://secunia.com/advisories/45793",
"http://secunia.com/advisories/48551",
"http://securitytracker.com/id?1026267",
"http://support.apple.com/kb/HT5501",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/",
"http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html",
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:003",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.osvdb.org/76744",
"http://www.securityfocus.com/bid/50494",
"https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422",
"https://bugzilla.redhat.com/show_bug.cgi?id=750935",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/71093",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"http://archives.neohapsis.com/archives/fulldisclosure/2011-11/0023.html",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://secunia.com/advisories/45793",
"http://secunia.com/advisories/48551",
"http://securitytracker.com/id?1026267",
"http://support.apple.com/kb/HT5501",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/",
"http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html",
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:003",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.osvdb.org/76744",
"http://www.securityfocus.com/bid/50494",
"https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/811422",
"https://bugzilla.redhat.com/show_bug.cgi?id=750935",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/71093",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 4.4,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.",
"vector_string": "AV:L/AC:M/Au:N/C:P/I:P/A:P",
"weakness": "CWE-189"
},
"CVE-2011-3639": {
"id": "CVE-2011-3639",
"references": [
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://svn.apache.org/viewvc?view=revision&revision=1188745",
"http://www.debian.org/security/2012/dsa-2405",
"https://bugzilla.redhat.com/show_bug.cgi?id=752080",
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://svn.apache.org/viewvc?view=revision&revision=1188745",
"http://www.debian.org/security/2012/dsa-2405",
"https://bugzilla.redhat.com/show_bug.cgi?id=752080"
],
"score": 4.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-20"
},
"CVE-2011-4317": {
"id": "CVE-2011-4317",
"references": [
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://kb.juniper.net/JSA10585",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://secunia.com/advisories/48551",
"http://support.apple.com/kb/HT5501",
"http://thread.gmane.org/gmane.comp.apache.devel/46440",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:003",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.securitytracker.com/id?1026353",
"https://bugzilla.redhat.com/show_bug.cgi?id=756483",
"https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://kb.juniper.net/JSA10585",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://secunia.com/advisories/48551",
"http://support.apple.com/kb/HT5501",
"http://thread.gmane.org/gmane.comp.apache.devel/46440",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:003",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.securitytracker.com/id?1026353",
"https://bugzilla.redhat.com/show_bug.cgi?id=756483",
"https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 4.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-20"
},
"CVE-2011-4415": {
"id": "CVE-2011-4415",
"references": [
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://www.gossamer-threads.com/lists/apache/dev/403775",
"http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/",
"http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://www.gossamer-threads.com/lists/apache/dev/403775",
"http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/",
"http://www.halfdog.net/Security/2011/ApacheModSetEnvIfIntegerOverflow/DemoExploit.html"
],
"score": 1.2,
"services": [
"80/http"
],
"severity": "low",
"summary": "The ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, does not restrict the size of values of environment variables, which allows local users to cause a denial of service (memory consumption or NULL pointer dereference) via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, related to (1) the \"len +=\" statement and (2) the apr_pcalloc function call, a different vulnerability than CVE-2011-3607.",
"vector_string": "AV:L/AC:H/Au:N/C:N/I:N/A:P",
"weakness": "CWE-20"
},
"CVE-2012-0031": {
"id": "CVE-2012-0031",
"references": [
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://secunia.com/advisories/47410",
"http://secunia.com/advisories/48551",
"http://support.apple.com/kb/HT5501",
"http://svn.apache.org/viewvc?view=revision&revision=1230065",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/",
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:012",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.securityfocus.com/bid/51407",
"https://bugzilla.redhat.com/show_bug.cgi?id=773744",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://marc.info/?l=bugtraq&m=134987041210674&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://secunia.com/advisories/47410",
"http://secunia.com/advisories/48551",
"http://support.apple.com/kb/HT5501",
"http://svn.apache.org/viewvc?view=revision&revision=1230065",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.halfdog.net/Security/2011/ApacheScoreboardInvalidFreeOnShutdown/",
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:012",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.securityfocus.com/bid/51407",
"https://bugzilla.redhat.com/show_bug.cgi?id=773744",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 4.6,
"services": [
"80/http"
],
"severity": "medium",
"summary": "scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.",
"vector_string": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2012-0053": {
"id": "CVE-2012-0053",
"references": [
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://kb.juniper.net/JSA10585",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=133951357207000&w=2",
"http://marc.info/?l=bugtraq&m=133951357207000&w=2",
"http://marc.info/?l=bugtraq&m=136441204617335&w=2",
"http://marc.info/?l=bugtraq&m=136441204617335&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://secunia.com/advisories/48551",
"http://support.apple.com/kb/HT5501",
"http://svn.apache.org/viewvc?view=revision&revision=1235454",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:012",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.securityfocus.com/bid/51706",
"https://bugzilla.redhat.com/show_bug.cgi?id=785069",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://kb.juniper.net/JSA10585",
"http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-02/msg00026.html",
"http://lists.opensuse.org/opensuse-security-announce/2012-03/msg00002.html",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133294460209056&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=133494237717847&w=2",
"http://marc.info/?l=bugtraq&m=133951357207000&w=2",
"http://marc.info/?l=bugtraq&m=133951357207000&w=2",
"http://marc.info/?l=bugtraq&m=136441204617335&w=2",
"http://marc.info/?l=bugtraq&m=136441204617335&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-0128.html",
"http://rhn.redhat.com/errata/RHSA-2012-0542.html",
"http://rhn.redhat.com/errata/RHSA-2012-0543.html",
"http://secunia.com/advisories/48551",
"http://support.apple.com/kb/HT5501",
"http://svn.apache.org/viewvc?view=revision&revision=1235454",
"http://www.debian.org/security/2012/dsa-2405",
"http://www.mandriva.com/security/advisories?name=MDVSA-2012:012",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:150",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
"http://www.securityfocus.com/bid/51706",
"https://bugzilla.redhat.com/show_bug.cgi?id=785069",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 4.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2012-0883": {
"id": "CVE-2012-0883",
"references": [
"http://article.gmane.org/gmane.comp.apache.devel/48158",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://marc.info/?l=bugtraq&m=134012830914727&w=2",
"http://secunia.com/advisories/48849",
"http://support.apple.com/kb/HT5880",
"http://svn.apache.org/viewvc?view=revision&revision=1296428",
"http://www.apache.org/dist/httpd/Announcement2.4.html",
"http://www.apachelounge.com/Changelog-2.4.html",
"http://www.securityfocus.com/bid/53046",
"http://www.securitytracker.com/id?1026932",
"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"https://exchange.xforce.ibmcloud.com/vulnerabilities/74901",
"https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c03839862",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
],
"score": 6.9,
"services": [
"80/http"
],
"severity": "medium",
"summary": "envvars (aka envvars-std) in the Apache HTTP Server before 2.4.2 places a zero-length directory name in the LD_LIBRARY_PATH, which allows local users to gain privileges via a Trojan horse DSO in the current working directory during execution of apachectl.",
"vector_string": "AV:L/AC:M/Au:N/C:C/I:C/A:C",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2012-2687": {
"id": "CVE-2012-2687",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3E",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-1591.html",
"http://rhn.redhat.com/errata/RHSA-2012-1592.html",
"http://rhn.redhat.com/errata/RHSA-2012-1594.html",
"http://rhn.redhat.com/errata/RHSA-2013-0130.html",
"http://secunia.com/advisories/50894",
"http://secunia.com/advisories/51607",
"http://support.apple.com/kb/HT5880",
"http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f",
"http://www.apache.org/dist/httpd/CHANGES_2.4.3",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"http://www.securityfocus.com/bid/55131",
"http://www.ubuntu.com/usn/USN-1627-1",
"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18832",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19539",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00011.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://mail-archives.apache.org/mod_mbox/www-announce/201208.mbox/%3C0BFFEA9B-801B-4BAA-9534-56F640268E30%40apache.org%3E",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://rhn.redhat.com/errata/RHSA-2012-1591.html",
"http://rhn.redhat.com/errata/RHSA-2012-1592.html",
"http://rhn.redhat.com/errata/RHSA-2012-1594.html",
"http://rhn.redhat.com/errata/RHSA-2013-0130.html",
"http://secunia.com/advisories/50894",
"http://secunia.com/advisories/51607",
"http://support.apple.com/kb/HT5880",
"http://www-01.ibm.com/support/docview.wss?uid=nas2a2b50a0ca011b37c86257a96003c9a4f",
"http://www.apache.org/dist/httpd/CHANGES_2.4.3",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html",
"http://www.securityfocus.com/bid/55131",
"http://www.ubuntu.com/usn/USN-1627-1",
"http://www.xerox.com/download/security/security-bulletin/16287-4d6b7b0c81f7b/cert_XRX13-003_v1.0.pdf",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18832",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19539"
],
"score": 2.6,
"services": [
"80/http"
],
"severity": "low",
"summary": "Multiple cross-site scripting (XSS) vulnerabilities in the make_variant_list function in mod_negotiation.c in the mod_negotiation module in the Apache HTTP Server 2.4.x before 2.4.3, when the MultiViews option is enabled, allow remote attackers to inject arbitrary web script or HTML via a crafted filename that is not properly handled during construction of a variant list.",
"vector_string": "AV:N/AC:H/Au:N/C:N/I:P/A:N",
"weakness": "CWE-79"
},
"CVE-2012-3499": {
"id": "CVE-2012-3499",
"references": [
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-0815.html",
"http://rhn.redhat.com/errata/RHSA-2013-1207.html",
"http://rhn.redhat.com/errata/RHSA-2013-1208.html",
"http://rhn.redhat.com/errata/RHSA-2013-1209.html",
"http://secunia.com/advisories/55032",
"http://support.apple.com/kb/HT5880",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_info.c?r1=1225799&r2=1413732&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1389564&r2=1413732&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap_cache_mgr.c?r1=1209766&r2=1418752&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_imagemap.c?r1=1398480&r2=1413732&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c?r1=1404625&r2=1413732&diff_format=h",
"http://www.debian.org/security/2013/dsa-2637",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"http://www.securityfocus.com/bid/58165",
"http://www.securityfocus.com/bid/64758",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19312",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-0815.html",
"http://rhn.redhat.com/errata/RHSA-2013-1207.html",
"http://rhn.redhat.com/errata/RHSA-2013-1208.html",
"http://rhn.redhat.com/errata/RHSA-2013-1209.html",
"http://secunia.com/advisories/55032",
"http://support.apple.com/kb/HT5880",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_info.c?r1=1225799&r2=1413732&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1389564&r2=1413732&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/ldap/util_ldap_cache_mgr.c?r1=1209766&r2=1418752&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/mappers/mod_imagemap.c?r1=1398480&r2=1413732&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_ftp.c?r1=1404625&r2=1413732&diff_format=h",
"http://www.debian.org/security/2013/dsa-2637",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"http://www.securityfocus.com/bid/58165",
"http://www.securityfocus.com/bid/64758",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19312"
],
"score": 4.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors involving hostnames and URIs in the (1) mod_imagemap, (2) mod_info, (3) mod_ldap, (4) mod_proxy_ftp, and (5) mod_status modules.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-79"
},
"CVE-2012-4557": {
"id": "CVE-2012-4557",
"references": [
"http://httpd.apache.org/security/vulnerabilities_22.html#2.2.22",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html",
"http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://svn.apache.org/viewvc?view=revision&revision=1227298",
"http://www.debian.org/security/2012/dsa-2579",
"https://bugzilla.redhat.com/show_bug.cgi?id=871685",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18938",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19284"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The mod_proxy_ajp module in the Apache HTTP Server 2.2.12 through 2.2.21 places a worker node into an error state upon detection of a long request-processing time, which allows remote attackers to cause a denial of service (worker consumption) via an expensive request.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-399"
},
"CVE-2012-4558": {
"id": "CVE-2012-4558",
"references": [
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-0815.html",
"http://rhn.redhat.com/errata/RHSA-2013-1207.html",
"http://rhn.redhat.com/errata/RHSA-2013-1208.html",
"http://rhn.redhat.com/errata/RHSA-2013-1209.html",
"http://support.apple.com/kb/HT5880",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c?r1=1404653&r2=1413732&diff_format=h",
"http://www.debian.org/security/2013/dsa-2637",
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"http://www.securityfocus.com/bid/58165",
"http://www.securityfocus.com/bid/64758",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18977",
"http://httpd.apache.org/security/vulnerabilities_22.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html",
"http://lists.fedoraproject.org/pipermail/package-announce/2013-April/101196.html",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://marc.info/?l=bugtraq&m=136612293908376&w=2",
"http://rhn.redhat.com/errata/RHSA-2013-0815.html",
"http://rhn.redhat.com/errata/RHSA-2013-1207.html",
"http://rhn.redhat.com/errata/RHSA-2013-1208.html",
"http://rhn.redhat.com/errata/RHSA-2013-1209.html",
"http://support.apple.com/kb/HT5880",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_balancer.c?r1=1404653&r2=1413732&diff_format=h",
"http://www.debian.org/security/2013/dsa-2637",
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"http://www.securityfocus.com/bid/58165",
"http://www.securityfocus.com/bid/64758",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18977"
],
"score": 4.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Multiple cross-site scripting (XSS) vulnerabilities in the balancer_handler function in the manager interface in mod_proxy_balancer.c in the mod_proxy_balancer module in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via a crafted string.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"weakness": "CWE-79"
},
"CVE-2013-1862": {
"id": "CVE-2013-1862",
"references": [
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html",
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html",
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html",
"http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch",
"http://rhn.redhat.com/errata/RHSA-2013-0815.html",
"http://rhn.redhat.com/errata/RHSA-2013-1207.html",
"http://rhn.redhat.com/errata/RHSA-2013-1208.html",
"http://rhn.redhat.com/errata/RHSA-2013-1209.html",
"http://secunia.com/advisories/55032",
"http://support.apple.com/kb/HT6150",
"http://svn.apache.org/viewvc?view=revision&revision=r1469311",
"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1862",
"http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:174",
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"http://www.securityfocus.com/bid/59826",
"http://www.securityfocus.com/bid/64758",
"http://www.ubuntu.com/usn/USN-1903-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=953729",
"https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken",
"https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18790",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19534",
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html",
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html",
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html",
"http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch",
"http://rhn.redhat.com/errata/RHSA-2013-0815.html",
"http://rhn.redhat.com/errata/RHSA-2013-1207.html",
"http://rhn.redhat.com/errata/RHSA-2013-1208.html",
"http://rhn.redhat.com/errata/RHSA-2013-1209.html",
"http://secunia.com/advisories/55032",
"http://support.apple.com/kb/HT6150",
"http://svn.apache.org/viewvc?view=revision&revision=r1469311",
"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1862",
"http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
"http://www.fujitsu.com/global/support/software/security/products-f/interstage-201303e.html",
"http://www.mandriva.com/security/advisories?name=MDVSA-2013:174",
"http://www.oracle.com/technetwork/topics/security/cpujan2014-1972949.html",
"http://www.securityfocus.com/bid/59826",
"http://www.securityfocus.com/bid/64758",
"http://www.ubuntu.com/usn/USN-1903-1",
"https://bugzilla.redhat.com/show_bug.cgi?id=953729",
"https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken",
"https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken",
"https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18790",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19534"
],
"score": 5.1,
"services": [
"80/http"
],
"severity": "medium",
"summary": "mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator.",
"vector_string": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2013-1896": {
"id": "CVE-2013-1896",
"references": [
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00026.html",
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00029.html",
"http://lists.opensuse.org/opensuse-updates/2013-08/msg00030.html",
"http://rhn.redhat.com/errata/RHSA-2013-1156.html",
"http://rhn.redhat.com/errata/RHSA-2013-1207.html",
"http://rhn.redhat.com/errata/RHSA-2013-1208.html",
"http://rhn.redhat.com/errata/RHSA-2013-1209.html",
"http://secunia.com/advisories/55032",
"http://support.apple.com/kb/HT6150",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?r1=1482522&r2=1485668&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/mod_dav.c?view=log",
"http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-1896",
"http://www-01.ibm.com/support/docview.wss?uid=swg21644047",
"http://www.apache.org/dist/httpd/Announcement2.2.html",
"http://www.securityfocus.com/bid/61129",
"http://www.ubuntu.com/usn/USN-1903-1",
"https://h20566.www2.hp.com/portal/site/hpsc/template.PAGE/public/kb/docDisplay/?spf_p.tpst=kbDocDisplay&spf_p.prp_kbDocDisplay=wsrp-navigationalState%3DdocId%253Demr_na-c03922406-1%257CdocLocale%253D%257CcalledBy%253D&javax.portlet.begCacheTok=com.vignette.cachetoken&javax.portlet.endCacheTok=com.vignette.cachetoken",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18835",
"https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19747"
],
"score": 4.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "mod_dav.c in the Apache HTTP Server before 2.2.25 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for handling by the mod_dav_svn module, but a certain href attribute in XML data refers to a non-DAV URI.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2013-5704": {
"id": "CVE-2013-5704",
"references": [
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://martin.swende.se/blog/HTTPChunked.html",
"http://rhn.redhat.com/errata/RHSA-2015-0325.html",
"http://rhn.redhat.com/errata/RHSA-2015-1249.html",
"http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"http://rhn.redhat.com/errata/RHSA-2016-0061.html",
"http://rhn.redhat.com/errata/RHSA-2016-0062.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:174",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/66550",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://access.redhat.com/errata/RHSA-2015:2659",
"https://access.redhat.com/errata/RHSA-2015:2660",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659",
"https://support.apple.com/HT205219",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://marc.info/?l=apache-httpd-dev&m=139636309822854&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://martin.swende.se/blog/HTTPChunked.html",
"http://rhn.redhat.com/errata/RHSA-2015-0325.html",
"http://rhn.redhat.com/errata/RHSA-2015-1249.html",
"http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"http://rhn.redhat.com/errata/RHSA-2016-0061.html",
"http://rhn.redhat.com/errata/RHSA-2016-0062.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/proxy/mod_proxy_http.c?r1=1610674&r2=1610814&diff_format=h",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:174",
"http://www.oracle.com/technetwork/topics/security/bulletinjan2015-2370101.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2015-2367936.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/66550",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://access.redhat.com/errata/RHSA-2015:2659",
"https://access.redhat.com/errata/RHSA-2015:2660",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659",
"https://support.apple.com/HT205219"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The mod_headers module in the Apache HTTP Server 2.2.22 allows remote attackers to bypass \"RequestHeader unset\" directives by placing a header in the trailer portion of data sent with chunked transfer coding. NOTE: the vendor states \"this is not a security issue in httpd as such.\"",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2013-6438": {
"id": "CVE-2013-6438",
"references": [
"http://advisories.mageia.org/MGASA-2014-0135.html",
"http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=141017844705317&w=2",
"http://marc.info/?l=bugtraq&m=141390017113542&w=2",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://secunia.com/advisories/58230",
"http://secunia.com/advisories/59315",
"http://secunia.com/advisories/59345",
"http://secunia.com/advisories/60536",
"http://security.gentoo.org/glsa/glsa-201408-12.xml",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/dav/main/util.c?r1=1528718&r2=1556428&diff_format=h",
"http://www-01.ibm.com/support/docview.wss?uid=swg21669554",
"http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"http://www.apache.org/dist/httpd/CHANGES_2.4.9",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.securityfocus.com/archive/1/534161/100/0/threaded",
"http://www.securityfocus.com/bid/66303",
"http://www.ubuntu.com/usn/USN-2152-1",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2013-6438",
"https://support.apple.com/HT204659",
"https://support.apple.com/kb/HT6535"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The dav_xml_get_cdata function in main/util.c in the mod_dav module in the Apache HTTP Server before 2.4.8 does not properly remove whitespace characters from CDATA sections, which allows remote attackers to cause a denial of service (daemon crash) via a crafted DAV WRITE request.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2014-0098": {
"id": "CVE-2014-0098",
"references": [
"http://advisories.mageia.org/MGASA-2014-0135.html",
"http://archives.neohapsis.com/archives/bugtraq/2014-10/0101.html",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10698",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=141017844705317&w=2",
"http://marc.info/?l=bugtraq&m=141390017113542&w=2",
"http://seclists.org/fulldisclosure/2014/Dec/23",
"http://secunia.com/advisories/58230",
"http://secunia.com/advisories/58915",
"http://secunia.com/advisories/59219",
"http://secunia.com/advisories/59315",
"http://secunia.com/advisories/59345",
"http://secunia.com/advisories/60536",
"http://security.gentoo.org/glsa/glsa-201408-12.xml",
"http://support.f5.com/kb/en-us/solutions/public/15000/300/sol15320.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/loggers/mod_log_config.c?r1=1575394&r2=1575400&diff_format=h",
"http://www-01.ibm.com/support/docview.wss?uid=swg21668973",
"http://www-01.ibm.com/support/docview.wss?uid=swg21676091",
"http://www-01.ibm.com/support/docview.wss?uid=swg21676092",
"http://www.apache.org/dist/httpd/CHANGES_2.4.9",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.oracle.com/technetwork/topics/security/cpujul2014-1972956.html",
"http://www.securityfocus.com/archive/1/534161/100/0/threaded",
"http://www.securityfocus.com/bid/66303",
"http://www.ubuntu.com/usn/USN-2152-1",
"http://www.vmware.com/security/advisories/VMSA-2014-0012.html",
"https://blogs.oracle.com/sunsecurity/entry/multiple_input_validation_vulnerabilities_in1",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0098",
"https://support.apple.com/HT204659",
"https://support.apple.com/kb/HT6535"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon crash) via a crafted cookie that is not properly handled during truncation.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2014-0118": {
"id": "CVE-2014-0118",
"references": [
"http://advisories.mageia.org/MGASA-2014-0304.html",
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143748090628601&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://rhn.redhat.com/errata/RHSA-2014-1019.html",
"http://rhn.redhat.com/errata/RHSA-2014-1020.html",
"http://rhn.redhat.com/errata/RHSA-2014-1021.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/filters/mod_deflate.c?r1=1604353&r2=1610501&diff_format=h",
"http://www.debian.org/security/2014/dsa-2989",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.securityfocus.com/bid/68745",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120601",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0118",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659"
],
"score": 4.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The deflate_in_filter function in mod_deflate.c in the mod_deflate module in the Apache HTTP Server before 2.4.10, when request body decompression is enabled, allows remote attackers to cause a denial of service (resource consumption) via crafted request data that decompresses to a much larger size.",
"vector_string": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"weakness": "CWE-400"
},
"CVE-2014-0226": {
"id": "CVE-2014-0226",
"references": [
"http://advisories.mageia.org/MGASA-2014-0304.html",
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143748090628601&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://rhn.redhat.com/errata/RHSA-2014-1019.html",
"http://rhn.redhat.com/errata/RHSA-2014-1020.html",
"http://rhn.redhat.com/errata/RHSA-2014-1021.html",
"http://seclists.org/fulldisclosure/2014/Jul/114",
"http://secunia.com/advisories/60536",
"http://security.gentoo.org/glsa/glsa-201408-12.xml",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_status.c?r1=1450998&r2=1610491&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/lua/lua_request.c?r1=1588989&r2=1610491&diff_format=h",
"http://www.debian.org/security/2014/dsa-2989",
"http://www.exploit-db.com/exploits/34133",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.osvdb.org/109216",
"http://www.securityfocus.com/bid/68678",
"http://zerodayinitiative.com/advisories/ZDI-14-236/",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120603",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0226",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659",
"https://www.povonsec.com/apache-2-4-7-exploit/"
],
"score": 6.8,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Race condition in the mod_status module in the Apache HTTP Server before 2.4.10 allows remote attackers to cause a denial of service (heap-based buffer overflow), or possibly obtain sensitive credential information or execute arbitrary code, via a crafted request that triggers improper scoreboard handling within the status_handler function in modules/generators/mod_status.c and the lua_ap_scoreboard_worker function in modules/lua/lua_request.c.",
"vector_string": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"weakness": "CWE-362"
},
"CVE-2014-0231": {
"id": "CVE-2014-0231",
"references": [
"http://advisories.mageia.org/MGASA-2014-0304.html",
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143748090628601&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html",
"http://rhn.redhat.com/errata/RHSA-2014-1019.html",
"http://rhn.redhat.com/errata/RHSA-2014-1020.html",
"http://rhn.redhat.com/errata/RHSA-2014-1021.html",
"http://secunia.com/advisories/60536",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h",
"http://www.debian.org/security/2014/dsa-2989",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.securityfocus.com/bid/68742",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120596",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0231",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659",
"http://advisories.mageia.org/MGASA-2014-0304.html",
"http://advisories.mageia.org/MGASA-2014-0305.html",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://lists.apple.com/archives/security-announce/2015/Apr/msg00001.html",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143403519711434&w=2",
"http://marc.info/?l=bugtraq&m=143748090628601&w=2",
"http://marc.info/?l=bugtraq&m=144050155601375&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://packetstormsecurity.com/files/130769/RSA-Digital-Certificate-Solution-XSS-Denial-Of-Service.html",
"http://rhn.redhat.com/errata/RHSA-2014-1019.html",
"http://rhn.redhat.com/errata/RHSA-2014-1020.html",
"http://rhn.redhat.com/errata/RHSA-2014-1021.html",
"http://secunia.com/advisories/60536",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/CHANGES",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1482522&r2=1535125&diff_format=h",
"http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/generators/mod_cgid.c?r1=1565711&r2=1610509&diff_format=h",
"http://www.debian.org/security/2014/dsa-2989",
"http://www.mandriva.com/security/advisories?name=MDVSA-2014:142",
"http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
"http://www.securityfocus.com/bid/68742",
"https://bugzilla.redhat.com/show_bug.cgi?id=1120596",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9821b0a32a1d0a1b4947abb6f3630053fcbb2ec905d9a32c2bd4d4ee%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/cve-2014-0231",
"https://security.gentoo.org/glsa/201504-03",
"https://support.apple.com/HT204659"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The mod_cgid module in the Apache HTTP Server before 2.4.10 does not have a timeout mechanism, which allows remote attackers to cause a denial of service (process hang) via a request to a CGI script that does not read from its stdin file descriptor.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-399"
},
"CVE-2015-0228": {
"id": "CVE-2015-0228",
"references": [
"http://advisories.mageia.org/MGASA-2015-0099.html",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/73041",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef",
"https://github.com/apache/httpd/commit/78eb3b9235515652ed141353d98c239237030410",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031",
"http://advisories.mageia.org/MGASA-2015-0099.html",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-03/msg00006.html",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x/CHANGES",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjan2016-2867209.html",
"http://www.securityfocus.com/bid/73041",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2523-1",
"https://github.com/apache/httpd/commit/643f0fcf3b8ab09a68f0ecd2aa37aafeda3e63ef",
"https://github.com/apache/httpd/commit/78eb3b9235515652ed141353d98c239237030410",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The lua_websocket_read function in lua_request.c in the mod_lua module in the Apache HTTP Server through 2.4.12 allows remote attackers to cause a denial of service (child-process crash) by sending a crafted WebSocket Ping frame after a Lua script has called the wsupgrade function.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"weakness": "CWE-20"
},
"CVE-2015-3183": {
"id": "CVE-2015-3183",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://rhn.redhat.com/errata/RHSA-2015-1667.html",
"http://rhn.redhat.com/errata/RHSA-2015-1668.html",
"http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"http://rhn.redhat.com/errata/RHSA-2016-0061.html",
"http://rhn.redhat.com/errata/RHSA-2016-0062.html",
"http://rhn.redhat.com/errata/RHSA-2016-2054.html",
"http://rhn.redhat.com/errata/RHSA-2016-2055.html",
"http://rhn.redhat.com/errata/RHSA-2016-2056.html",
"http://www.apache.org/dist/httpd/CHANGES_2.4",
"http://www.debian.org/security/2015/dsa-3325",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"http://www.securityfocus.com/bid/75963",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2686-1",
"https://access.redhat.com/errata/RHSA-2015:2659",
"https://access.redhat.com/errata/RHSA-2015:2660",
"https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6",
"https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/CVE-2015-3183",
"https://security.gentoo.org/glsa/201610-02",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735",
"http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html",
"http://lists.apple.com/archives/security-announce/2015/Sep/msg00004.html",
"http://lists.opensuse.org/opensuse-updates/2015-10/msg00011.html",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://marc.info/?l=bugtraq&m=144493176821532&w=2",
"http://rhn.redhat.com/errata/RHSA-2015-1666.html",
"http://rhn.redhat.com/errata/RHSA-2015-1667.html",
"http://rhn.redhat.com/errata/RHSA-2015-1668.html",
"http://rhn.redhat.com/errata/RHSA-2015-2661.html",
"http://rhn.redhat.com/errata/RHSA-2016-0061.html",
"http://rhn.redhat.com/errata/RHSA-2016-0062.html",
"http://rhn.redhat.com/errata/RHSA-2016-2054.html",
"http://rhn.redhat.com/errata/RHSA-2016-2055.html",
"http://rhn.redhat.com/errata/RHSA-2016-2056.html",
"http://www.apache.org/dist/httpd/CHANGES_2.4",
"http://www.debian.org/security/2015/dsa-3325",
"http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2015-2511968.html",
"http://www.oracle.com/technetwork/topics/security/cpujan2016-2367955.html",
"http://www.oracle.com/technetwork/topics/security/cpuoct2015-2367953.html",
"http://www.securityfocus.com/bid/75963",
"http://www.securityfocus.com/bid/91787",
"http://www.securitytracker.com/id/1032967",
"http://www.ubuntu.com/usn/USN-2686-1",
"https://access.redhat.com/errata/RHSA-2015:2659",
"https://access.redhat.com/errata/RHSA-2015:2660",
"https://github.com/apache/httpd/commit/a6027e56924bb6227c1fdbf6f91e7e2438338be6",
"https://github.com/apache/httpd/commit/e427c41257957b57036d5a549b260b6185d1dd73",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04832246",
"https://h20564.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04926789",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r83109088737656fa6307bd99ab40f8ff0269ae58d3f7272d7048494a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/ra7f6aeb28661fbf826969526585f16856abc4615877875f9d3b35ef4%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://puppet.com/security/cve/CVE-2015-3183",
"https://security.gentoo.org/glsa/201610-02",
"https://support.apple.com/HT205219",
"https://support.apple.com/kb/HT205031"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The chunked transfer coding implementation in the Apache HTTP Server before 2.4.14 does not properly parse chunk headers, which allows remote attackers to conduct HTTP request smuggling attacks via a crafted request, related to mishandling of large chunk-size values and invalid chunk-extension characters in modules/http/http_filters.c.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"weakness": "CWE-17"
},
"CVE-2016-4975": {
"id": "CVE-2016-4975",
"references": [
"http://www.securityfocus.com/bid/105093",
"https://httpd.apache.org/security/vulnerabilities_22.html#CVE-2016-4975",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-4975",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180926-0006/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us"
],
"score": 6.1,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the \"Location\" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"weakness": "CWE-93"
},
"CVE-2016-5387": {
"id": "CVE-2016-5387",
"references": [
"http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html",
"http://rhn.redhat.com/errata/RHSA-2016-1624.html",
"http://rhn.redhat.com/errata/RHSA-2016-1625.html",
"http://rhn.redhat.com/errata/RHSA-2016-1648.html",
"http://rhn.redhat.com/errata/RHSA-2016-1649.html",
"http://rhn.redhat.com/errata/RHSA-2016-1650.html",
"http://www.debian.org/security/2016/dsa-3623",
"http://www.kb.cert.org/vuls/id/797896",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"http://www.securityfocus.com/bid/91816",
"http://www.securitytracker.com/id/1036330",
"http://www.ubuntu.com/usn/USN-3038-1",
"https://access.redhat.com/errata/RHSA-2016:1420",
"https://access.redhat.com/errata/RHSA-2016:1421",
"https://access.redhat.com/errata/RHSA-2016:1422",
"https://access.redhat.com/errata/RHSA-2016:1635",
"https://access.redhat.com/errata/RHSA-2016:1636",
"https://access.redhat.com/errata/RHSA-2016:1851",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"https://httpoxy.org/",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/",
"https://security.gentoo.org/glsa/201701-36",
"https://support.apple.com/HT208221",
"https://www.apache.org/security/asf-httpoxy-response.txt",
"https://www.tenable.com/security/tns-2017-04",
"http://lists.opensuse.org/opensuse-updates/2016-07/msg00059.html",
"http://rhn.redhat.com/errata/RHSA-2016-1624.html",
"http://rhn.redhat.com/errata/RHSA-2016-1625.html",
"http://rhn.redhat.com/errata/RHSA-2016-1648.html",
"http://rhn.redhat.com/errata/RHSA-2016-1649.html",
"http://rhn.redhat.com/errata/RHSA-2016-1650.html",
"http://www.debian.org/security/2016/dsa-3623",
"http://www.kb.cert.org/vuls/id/797896",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2017-3236622.html",
"http://www.oracle.com/technetwork/topics/security/bulletinoct2016-3090566.html",
"http://www.oracle.com/technetwork/topics/security/linuxbulletinjul2016-3090544.html",
"http://www.securityfocus.com/bid/91816",
"http://www.securitytracker.com/id/1036330",
"http://www.ubuntu.com/usn/USN-3038-1",
"https://access.redhat.com/errata/RHSA-2016:1420",
"https://access.redhat.com/errata/RHSA-2016:1421",
"https://access.redhat.com/errata/RHSA-2016:1422",
"https://access.redhat.com/errata/RHSA-2016:1635",
"https://access.redhat.com/errata/RHSA-2016:1636",
"https://access.redhat.com/errata/RHSA-2016:1851",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03770en_us",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05320149",
"https://h20566.www2.hpe.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c05390722",
"https://httpoxy.org/",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WCTE7443AYZ4EGELWLVNANA2WJCJIYI/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NEKZAB7MTWVSMORHTEMCQNFFMIHCYF76/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QPQAPWQA774JPDRV4UIB2SZAX6D3UZCV/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TGNHXJJSWDXAOEYH5TMXDPQVJMQQJOAZ/",
"https://security.gentoo.org/glsa/201701-36",
"https://support.apple.com/HT208221",
"https://www.apache.org/security/asf-httpoxy-response.txt",
"https://www.tenable.com/security/tns-2017-04"
],
"score": 8.1,
"services": [
"80/http"
],
"severity": "high",
"summary": "The Apache HTTP Server through 2.4.23 follows RFC 3875 section 4.1.18 and therefore does not protect applications from the presence of untrusted client data in the HTTP_PROXY environment variable, which might allow remote attackers to redirect an application's outbound HTTP traffic to an arbitrary proxy server via a crafted Proxy header in an HTTP request, aka an \"httpoxy\" issue. NOTE: the vendor states \"This mitigation has been assigned the identifier CVE-2016-5387\"; in other words, this is not a CVE ID for a vulnerability.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2016-8612": {
"id": "CVE-2016-8612",
"references": [
"http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"http://www.securityfocus.com/bid/94939",
"https://access.redhat.com/errata/RHSA-2017:0193",
"https://access.redhat.com/errata/RHSA-2017:0194",
"https://bugzilla.redhat.com/show_bug.cgi?id=1387605",
"https://security.netapp.com/advisory/ntap-20180601-0005/",
"http://rhn.redhat.com/errata/RHSA-2016-2957.html",
"http://www.securityfocus.com/bid/94939",
"https://access.redhat.com/errata/RHSA-2017:0193",
"https://access.redhat.com/errata/RHSA-2017:0194",
"https://bugzilla.redhat.com/show_bug.cgi?id=1387605",
"https://security.netapp.com/advisory/ntap-20180601-0005/"
],
"score": 4.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Apache HTTP Server mod_cluster before version httpd 2.4.23 is vulnerable to an Improper Input Validation in the protocol parsing logic in the load balancer resulting in a Segmentation Fault in the serving httpd process.",
"vector_string": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"weakness": "CWE-20"
},
"CVE-2016-8743": {
"id": "CVE-2016-8743",
"references": [
"http://rhn.redhat.com/errata/RHSA-2017-1415.html",
"http://www.debian.org/security/2017/dsa-3796",
"http://www.securityfocus.com/bid/95077",
"http://www.securitytracker.com/id/1037508",
"https://access.redhat.com/errata/RHSA-2017:0906",
"https://access.redhat.com/errata/RHSA-2017:1161",
"https://access.redhat.com/errata/RHSA-2017:1413",
"https://access.redhat.com/errata/RHSA-2017:1414",
"https://access.redhat.com/errata/RHSA-2017:1721",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201701-36",
"https://security.netapp.com/advisory/ntap-20180423-0001/",
"https://support.apple.com/HT208221",
"https://www.tenable.com/security/tns-2017-04",
"http://rhn.redhat.com/errata/RHSA-2017-1415.html",
"http://www.debian.org/security/2017/dsa-3796",
"http://www.securityfocus.com/bid/95077",
"http://www.securitytracker.com/id/1037508",
"https://access.redhat.com/errata/RHSA-2017:0906",
"https://access.redhat.com/errata/RHSA-2017:1161",
"https://access.redhat.com/errata/RHSA-2017:1413",
"https://access.redhat.com/errata/RHSA-2017:1414",
"https://access.redhat.com/errata/RHSA-2017:1721",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbmu03753en_us",
"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-8743",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r09b8a39d1262adbab5528eea73df1b1f93e919bf004ed5a843d9cad1%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r4fe84db67fe9dc906c6185e58bbd9913f4356dd555a5c3db490694e5%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r94284b139540e5287ebdd3450682d3e3d187263dd6b75af8fa7d4890%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcb6c7b9e7ca727a7eeeb5f13f89488a03981cfa0e7c3125f18fa239%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201701-36",
"https://security.netapp.com/advisory/ntap-20180423-0001/",
"https://support.apple.com/HT208221",
"https://www.tenable.com/security/tns-2017-04"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache HTTP Server, in all releases prior to 2.2.32 and 2.4.25, was liberal in the whitespace accepted from requests and sent in response lines and headers. Accepting these different behaviors represented a security concern when httpd participates in any chain of proxies or interacts with back-end application servers, either through mod_proxy or using conventional CGI mechanisms, and may result in request smuggling, response splitting and cache pollution.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-2017-3167": {
"id": "CVE-2017-3167",
"references": [
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99135",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09",
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99135",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8409e41a8f7dd9ded37141c38df001be930115428c3d64f70bbdb8b4%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-287"
},
"CVE-2017-3169": {
"id": "CVE-2017-3169",
"references": [
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99134",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://github.com/gottburgm/Exploits/tree/master/CVE-2017-3169",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84bf7fcc5cad35d355f11839cbdd13cbc5ffc1d34675090bff0f96ae%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-476"
},
"CVE-2017-7679": {
"id": "CVE-2017-7679",
"references": [
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99170",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09",
"http://www.debian.org/security/2017/dsa-3896",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99170",
"http://www.securitytracker.com/id/1038711",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://github.com/gottburgm/Exploits/tree/master/CVE-2017-7679",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f4515e580dfb6eeca589a5cdebd4c4c709ce632b12924f343c3b7751%40%3Cdev.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbhf03821en_us",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.nomachine.com/SU08O00185",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-126"
},
"CVE-2017-9788": {
"id": "CVE-2017-9788",
"references": [
"http://www.debian.org/security/2017/dsa-3913",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99569",
"http://www.securitytracker.com/id/1038906",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:2708",
"https://access.redhat.com/errata/RHSA-2017:2709",
"https://access.redhat.com/errata/RHSA-2017:2710",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://httpd.apache.org/security/vulnerabilities_22.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20170911-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.tenable.com/security/tns-2019-09",
"http://www.debian.org/security/2017/dsa-3913",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2017-3236626.html",
"http://www.securityfocus.com/bid/99569",
"http://www.securitytracker.com/id/1038906",
"https://access.redhat.com/errata/RHSA-2017:2478",
"https://access.redhat.com/errata/RHSA-2017:2479",
"https://access.redhat.com/errata/RHSA-2017:2483",
"https://access.redhat.com/errata/RHSA-2017:2708",
"https://access.redhat.com/errata/RHSA-2017:2709",
"https://access.redhat.com/errata/RHSA-2017:2710",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://httpd.apache.org/security/vulnerabilities_22.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/0dd69204a6bd643cc4e9ccd008f07a9375525d977c6ebeb07a881afb%40%3Cannounce.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r8c9983f1172a3415f915ddb7e14de632d2d0c326eb1285755a024165%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20170911-0002/",
"https://support.apple.com/HT208221",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03908en_us",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 9.1,
"services": [
"80/http"
],
"severity": "critical",
"summary": "In Apache httpd before 2.2.34 and 2.4.x before 2.4.27, the value placeholder in [Proxy-]Authorization headers of type 'Digest' was not initialized or reset before or between successive key=value assignments by mod_auth_digest. Providing an initial key with no '=' assignment could reflect the stale value of uninitialized pool memory used by the prior request, leading to leakage of potentially confidential information, and a segfault in other cases resulting in denial of service.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"weakness": "CWE-20"
},
"CVE-2017-9798": {
"id": "CVE-2017-9798",
"references": [
"http://openwall.com/lists/oss-security/2017/09/18/2",
"http://www.debian.org/security/2017/dsa-3980",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/100872",
"http://www.securityfocus.com/bid/105598",
"http://www.securitytracker.com/id/1039387",
"https://access.redhat.com/errata/RHSA-2017:2882",
"https://access.redhat.com/errata/RHSA-2017:2972",
"https://access.redhat.com/errata/RHSA-2017:3018",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a",
"https://github.com/hannob/optionsbleed",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security-tracker.debian.org/tracker/CVE-2017-9798",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0003/",
"https://support.apple.com/HT208331",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
"https://www.exploit-db.com/exploits/42745/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.tenable.com/security/tns-2019-09",
"http://openwall.com/lists/oss-security/2017/09/18/2",
"http://www.debian.org/security/2017/dsa-3980",
"http://www.oracle.com/technetwork/security-advisory/cpuapr2018-3678067.html",
"http://www.oracle.com/technetwork/security-advisory/cpujan2018-3236628.html",
"http://www.oracle.com/technetwork/security-advisory/cpujul2018-4258247.html",
"http://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html",
"http://www.securityfocus.com/bid/100872",
"http://www.securityfocus.com/bid/105598",
"http://www.securitytracker.com/id/1039387",
"https://access.redhat.com/errata/RHSA-2017:2882",
"https://access.redhat.com/errata/RHSA-2017:2972",
"https://access.redhat.com/errata/RHSA-2017:3018",
"https://access.redhat.com/errata/RHSA-2017:3113",
"https://access.redhat.com/errata/RHSA-2017:3114",
"https://access.redhat.com/errata/RHSA-2017:3193",
"https://access.redhat.com/errata/RHSA-2017:3194",
"https://access.redhat.com/errata/RHSA-2017:3195",
"https://access.redhat.com/errata/RHSA-2017:3239",
"https://access.redhat.com/errata/RHSA-2017:3240",
"https://access.redhat.com/errata/RHSA-2017:3475",
"https://access.redhat.com/errata/RHSA-2017:3476",
"https://access.redhat.com/errata/RHSA-2017:3477",
"https://blog.fuzzing-project.org/60-Optionsbleed-HTTP-OPTIONS-method-can-leak-Apaches-server-memory.html",
"https://blog.fuzzing-project.org/uploads/apache-2.2-optionsbleed-backport.patch",
"https://github.com/apache/httpd/commit/4cc27823899e070268b906ca677ee838d07cf67a",
"https://github.com/hannob/optionsbleed",
"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2017-9798",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security-tracker.debian.org/tracker/CVE-2017-9798",
"https://security.gentoo.org/glsa/201710-32",
"https://security.netapp.com/advisory/ntap-20180601-0003/",
"https://support.apple.com/HT208331",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://svn.apache.org/viewvc/httpd/httpd/branches/2.4.x/server/core.c?r1=1805223&r2=1807754&pathrev=1807754&view=patch",
"https://www.exploit-db.com/exploits/42745/",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-416"
},
"CVE-2018-1301": {
"id": "CVE-2018-1301",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/2",
"http://www.securityfocus.com/bid/103515",
"http://www.securitytracker.com/id/1040573",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/2",
"http://www.securityfocus.com/bid/103515",
"http://www.securitytracker.com/id/1040573",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r6521a7f62276340eabdb3339b2aa9a38c5f59d978497a1f794af53be%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2018/05/msg00020.html",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://usn.ubuntu.com/3937-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 5.9,
"services": [
"80/http"
],
"severity": "medium",
"summary": "A specially crafted request could have crashed the Apache HTTP Server prior to version 2.4.30, due to an out of bound access after a size limit is reached by reading the HTTP header. This vulnerability is considered very hard if not impossible to trigger in non-debug mode (both log and build level), so it is classified as low risk for common server usage.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-119"
},
"CVE-2018-1302": {
"id": "CVE-2018-1302",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/5",
"http://www.securityfocus.com/bid/103528",
"http://www.securitytracker.com/id/1040567",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3783-1/",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/5",
"http://www.securityfocus.com/bid/103528",
"http://www.securitytracker.com/id/1040567",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd336919f655b7ff309385e34a143e41c503e133da80414485b3abcc9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3783-1/",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 5.9,
"services": [
"80/http"
],
"severity": "medium",
"summary": "When an HTTP/2 stream was destroyed after being handled, the Apache HTTP Server prior to version 2.4.30 could have written a NULL pointer potentially to an already freed memory. The memory pools maintained by the server make this vulnerability hard to trigger in usual configurations, the reporter and the team could not reproduce it outside debug builds, so it is classified as low risk.",
"vector_string": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2018-1303": {
"id": "CVE-2018-1303",
"references": [
"http://www.openwall.com/lists/oss-security/2018/03/24/3",
"http://www.securityfocus.com/bid/103522",
"http://www.securitytracker.com/id/1040572",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09",
"http://www.openwall.com/lists/oss-security/2018/03/24/3",
"http://www.securityfocus.com/bid/103522",
"http://www.securitytracker.com/id/1040572",
"https://access.redhat.com/errata/RHSA-2018:3558",
"https://access.redhat.com/errata/RHSA-2019:0366",
"https://access.redhat.com/errata/RHSA-2019:0367",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r06f0d87ebb6d59ed8379633f36f72f5b1f79cadfda72ede0830b42cf%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r15f9aa4427581a1aecb4063f1b4b983511ae1c9935e2a0a6876dad3c%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/re473305a65b4db888e3556e4dae10c2a04ee89dcff2e26ecdbd860a9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rfcf929bd33a6833e3f0c35eebdad70d5060665f9c4e17ea467c66770%40%3Ccvs.httpd.apache.org%3E",
"https://security.netapp.com/advisory/ntap-20180601-0004/",
"https://support.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03909en_us",
"https://usn.ubuntu.com/3627-1/",
"https://usn.ubuntu.com/3627-2/",
"https://www.debian.org/security/2018/dsa-4164",
"https://www.tenable.com/security/tns-2019-09"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "A specially crafted HTTP request header could have crashed the Apache HTTP Server prior to version 2.4.30 due to an out of bound read while preparing data to be cached in shared memory. It could be used as a Denial of Service attack against users of mod_cache_socache. The vulnerability is considered as low risk since mod_cache_socache is not widely used, mod_cache_disk is not concerned by this vulnerability.",
"vector_string": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-125"
},
"CVE-2021-34798": {
"id": "CVE-2021-34798",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://kc.mcafee.com/corporate/index?page=content&id=SB10379",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Malformed requests may cause the server to dereference a NULL pointer. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-476"
},
"CVE-2021-39275": {
"id": "CVE-2021-39275",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "ap_escape_quotes() may write beyond the end of a buffer when given malicious input. No included modules pass untrusted data to these functions, but third-party / external modules may. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-787"
},
"CVE-2021-40438": {
"id": "CVE-2021-40438",
"references": [
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17",
"https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E",
"https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211008-0004/",
"https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ",
"https://www.debian.org/security/2021/dsa-4982",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2021-17",
"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-40438"
],
"score": 9,
"services": [
"80/http"
],
"severity": "critical",
"summary": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H",
"weakness": "CWE-918"
},
"CVE-2021-44790": {
"id": "CVE-2021-44790",
"references": [
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/4",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03",
"http://httpd.apache.org/security/vulnerabilities_24.html",
"http://packetstormsecurity.com/files/171631/Apache-2.4.x-Buffer-Overflow.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2021/12/20/4",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BFSWOH4X77CV7AH7C4RMHUBDWKQDL4YH/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20211224-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.debian.org/security/2022/dsa-5035",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujan2022.html",
"https://www.tenable.com/security/tns-2022-01",
"https://www.tenable.com/security/tns-2022-03"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-787"
},
"CVE-2022-22719": {
"id": "CVE-2022-22719",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "A carefully crafted request body can cause a read to a random memory area which could cause the process to crash. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-665"
},
"CVE-2022-22720": {
"id": "CVE-2022-22720",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.52 and earlier fails to close inbound connection when errors are encountered discarding the request body, exposing the server to HTTP Request Smuggling",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-444"
},
"CVE-2022-22721": {
"id": "CVE-2022-22721",
"references": [
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html",
"http://seclists.org/fulldisclosure/2022/May/33",
"http://seclists.org/fulldisclosure/2022/May/35",
"http://seclists.org/fulldisclosure/2022/May/38",
"http://www.openwall.com/lists/oss-security/2022/03/14/2",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2022/03/msg00033.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RGWILBORT67SHMSLYSQZG2NMXGCMPUZO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/X73C35MMMZGBVPQQCH7LQZUMYZNQA5FO/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z7H26WJ6TPKNWV3QKY4BHKUKQVUTZJTD/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220321-0001/",
"https://support.apple.com/kb/HT213255",
"https://support.apple.com/kb/HT213256",
"https://support.apple.com/kb/HT213257",
"https://www.oracle.com/security-alerts/cpuapr2022.html",
"https://www.oracle.com/security-alerts/cpujul2022.html"
],
"score": 9.1,
"services": [
"80/http"
],
"severity": "critical",
"summary": "If LimitXMLRequestBody is set to allow request bodies larger than 350MB (defaults to 1M) on 32 bit systems an integer overflow happens which later causes out of bounds writes. This issue affects Apache HTTP Server 2.4.52 and earlier.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
"weakness": "CWE-190"
},
"CVE-2022-28330": {
"id": "CVE-2022-28330",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/3",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Apache HTTP Server 2.4.53 and earlier on Windows may read beyond bounds when configured to process requests with the mod_isapi module.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-125"
},
"CVE-2022-28614": {
"id": "CVE-2022-28614",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/4",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "The ap_rwrite() function in Apache HTTP Server 2.4.53 and earlier may read unintended memory if an attacker can cause the server to reflect very large input using ap_rwrite() or ap_rputs(), such as with mod_luas r:puts() function. Modules compiled and distributed separately from Apache HTTP Server that use the 'ap_rputs' function and may pass it a very large (INT_MAX or larger) string must be compiled against current headers to resolve the issue.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"weakness": "CWE-190"
},
"CVE-2022-28615": {
"id": "CVE-2022-28615",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/9",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/9",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 9.1,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.53 and earlier may crash or disclose information due to a read beyond bounds in ap_strcmp_match() when provided with an extremely large input buffer. While no code distributed with the server can be coerced into such a call, third-party modules or lua scripts that use ap_strcmp_match() may hypothetically be affected.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H",
"weakness": "CWE-190"
},
"CVE-2022-29404": {
"id": "CVE-2022-29404",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/5",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/5",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "In Apache HTTP Server 2.4.53 and earlier, a malicious request to a lua script that calls r:parsebody(0) may cause a denial of service due to no default limit on possible input size.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2022-30556": {
"id": "CVE-2022-30556",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache HTTP Server 2.4.53 and earlier may return lengths to applications calling r:wsread() that point past the end of the storage allocated for the buffer.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-200"
},
"CVE-2022-31813": {
"id": "CVE-2022-31813",
"references": [
"http://www.openwall.com/lists/oss-security/2022/06/08/8",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/",
"http://www.openwall.com/lists/oss-security/2022/06/08/8",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7QUGG2QZWHTITMABFLVXA4DNYUOTPWYQ/",
"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YPY2BLEVJWFH34AX77ZJPLD2OOBYR6ND/",
"https://security.gentoo.org/glsa/202208-20",
"https://security.netapp.com/advisory/ntap-20220624-0005/"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Apache HTTP Server 2.4.53 and earlier may not send the X-Forwarded-* headers to the origin server based on client side Connection header hop-by-hop mechanism. This may be used to bypass IP based authentication on the origin server/application.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-348"
},
"CVE-2022-37436": {
"id": "CVE-2022-37436",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 5.3,
"services": [
"80/http"
],
"severity": "medium",
"summary": "Prior to Apache HTTP Server 2.4.55, a malicious backend can cause the response headers to be truncated early, resulting in some headers being incorporated into the response body. If the later headers have any security purpose, they will not be interpreted by the client.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"weakness": "CWE-113"
},
"CVE-2023-31122": {
"id": "CVE-2023-31122",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/",
"https://security.netapp.com/advisory/ntap-20231027-0011/",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/TI3V2YCEUM65QDYPGGNUZ7UONIM5OEXC/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/VZJTT5TEFNSBWVMKCLS6EZ7PI6EJYBCO/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/ZFDNHDH4VLFGDPY6MEZV2RO5N5FLFONW/",
"https://security.netapp.com/advisory/ntap-20231027-0011/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "Out-of-bounds Read vulnerability in mod_macro of Apache HTTP Server.This issue affects Apache HTTP Server: through 2.4.57.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-125"
},
"CVE-2023-45802": {
"id": "CVE-2023-45802",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2024/05/msg00013.html",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/",
"https://lists.fedoraproject.org/archives/list/[email protected]/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/",
"https://security.netapp.com/advisory/ntap-20231027-0011/"
],
"score": 5.9,
"services": [
"80/http"
],
"severity": "medium",
"summary": "When a HTTP/2 stream was reset (RST frame) by a client, there was a time window were the request's memory resources were not reclaimed immediately. Instead, de-allocation was deferred to connection close. A client could send new requests and resets, keeping the connection busy and open and causing the memory footprint to keep on growing. On connection close, all resources were reclaimed, but the process might run out of memory before that.nnThis was found by the reporter during testing ofxa0CVE-2023-44487 (HTTP/2 Rapid Reset Exploit) with their own test client. During \"normal\" HTTP/2 use, the probability to hit this bug is very low. The kept memory would not become noticeable before the connection closes or times out.nnUsers are recommended to upgrade to version 2.4.58, which fixes the issue.n",
"vector_string": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"weakness": "CWE-770"
},
"CVE-2024-40898": {
"id": "CVE-2024-40898",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"http://www.openwall.com/lists/oss-security/2024/07/17/7",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://security.netapp.com/advisory/ntap-20240808-0006/"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.\n\nUsers are recommended to upgrade to version 2.4.62 which fixes this issue. ",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"weakness": "CWE-918"
}
}
}