182.253.214.99
{
"scan_id": 1745085080,
"ip": "182.253.214.99",
"is_ipv4": true,
"is_ipv6": false,
"location": {
"network": "182.253.214.0/24",
"postal_code": "41371",
"coordinates": {
"latitude": "-6.2519",
"longitude": "107.3543"
},
"geo_point": "-6.2519, 107.3543",
"locale_code": "en",
"continent": "Asia",
"country_code": "ID",
"country_name": "Indonesia",
"city": "Karawang"
},
"location_updated_at": "2025-04-21T08:41:00Z",
"asn": {
"number": "AS17451",
"organization": "BIZNET NETWORKS",
"country_code": ""
},
"asn_updated_at": "0001-01-01T00:00:00Z",
"whois": {
"network": "182.253.0.0/16",
"organization": "Biznet Networks",
"descr": "Biznet Networks,\nInternet Service Provider,\nJakarta, Indonesia",
"_encoding": {
"raw": "BASE64"
}
},
"whois_updated_at": "2024-12-09T19:03:54Z",
"tags": [
{
"name": "is_anonymous_proxy",
"pretty_name": "Anonymous Proxy",
"value": false,
"last_updated_at": "2025-04-21T08:41:00Z"
},
{
"name": "is_cdn",
"pretty_name": "CDN",
"value": false,
"last_updated_at": "2025-04-21T10:31:02Z"
},
{
"name": "is_satellite_provider",
"pretty_name": "Satellite Provider",
"value": false,
"last_updated_at": "2025-04-21T08:41:00Z"
}
],
"services": [
{
"port": 80,
"protocol": "tcp",
"name": "http",
"version": "",
"product": "Apache httpd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:apache:http_server",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body_murmur": -1244580137,
"body_sha256": "a4ab4ae4aaa93906190596f9283fff616648b608521bcaeb9b71e034d04dfbf8",
"component": [
"Apache HTTP Server"
],
"content_length": 98,
"headers": {
"accept_ranges": [
"bytes"
],
"content_length": [
"98"
],
"content_type": [
"text/html; charset=UTF-8"
],
"date": [
"Sun, 20 Apr 2025 22:15:17 GMT"
],
"etag": [
"\"260a3e-62-4fe256e2f3cdc\""
],
"last_modified": [
"Mon, 14 Jul 2014 11:17:02 GMT"
],
"server": [
"Apache"
]
},
"protocol": "HTTP/1.1",
"status_code": 200
}
},
"cve": [
{
"id": "CVE-1999-0070",
"severity": "medium"
},
{
"id": "CVE-1999-1199",
"severity": "high"
},
{
"id": "CVE-2023-25690",
"severity": "critical"
}
],
"url": "http://182.253.214.99/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-04-20T22:13:07.284Z"
},
{
"port": 110,
"protocol": "tcp",
"name": "pop3",
"version": "",
"product": "Dovecot pop3d",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:dovecot:dovecot",
"part": "a",
"vendor": "dovecot",
"product": "dovecot",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"pop3": {
"banner": "+OK Dovecot ready.\r\n"
},
"tls": {
"certificate": {
"extensions": {
"authority_key_id": "e7d60ad64e31d74515efff6d85bf641475232827",
"basic_constraints": {
"is_ca": true
},
"subject_key_id": "e7d60ad64e31d74515efff6d85bf641475232827"
},
"fingerprint_md5": "FF1F0636B25ED1C6BBF1B695A9AE52BD",
"fingerprint_sha1": "1C12D3DF78AA5B8C83B1BC6ADAAB6A226E521560",
"fingerprint_sha256": "C7A4C7AB16BBF31B923372F02A8A88F1314E3BDC0A7282C0D6701D98B2EC6B37",
"issuer": {
"common_name": [
"mail4.metrindo.co.id"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"ShenZhen"
],
"organization": [
"mail4.metrindo.co.id"
],
"organizational_unit": [
"IT"
],
"province": [
"GuangDong"
]
},
"jarm": "00000000000000000000000000000000000000000000000000000000000000",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "10907012614849439011",
"signature": {
"algorithm": {
"name": "SHA1-RSA",
"oid": "1.2.840.113549.1.1.5"
},
"self_signed": true
},
"subject": {
"common_name": [
"mail4.metrindo.co.id"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"ShenZhen"
],
"organization": [
"mail4.metrindo.co.id"
],
"organizational_unit": [
"IT"
],
"province": [
"GuangDong"
]
},
"subject_alt_name": {
"dns_names": [
"mail4.metrindo.co.id"
],
"extended_dns_names": [
{
"domain": "metrindo",
"fld": "metrindo.co.id",
"subdomain": "mail4",
"tld": "co.id"
}
]
},
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "e16261eebc465d863a6d555fba39bd9a45f8a0c844c2d09ed108929693302892",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048
}
},
"tbs_fingerprint": "8a2677faeafbdd5795325932c2b7bfda81d314ebb940d5f1587433709cb48056",
"validation_level": "OV",
"validity": {
"length_seconds": 315360000,
"not_after": "2034-07-13T03:06:28",
"not_before": "2024-07-15T03:06:28"
},
"version": 2
},
"fingerprint_sha256": "C7A4C7AB16BBF31B923372F02A8A88F1314E3BDC0A7282C0D6701D98B2EC6B37",
"precert": false,
"tags": [
"ov",
"trusted",
"self_signed",
"root"
]
}
},
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-04-21T23:09:02.042Z"
},
{
"port": 143,
"protocol": "tcp",
"name": "imap",
"version": "",
"product": "Dovecot imapd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:dovecot:dovecot",
"part": "a",
"vendor": "dovecot",
"product": "dovecot",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"imap": {
"banner": "* OK [CAPABILITY IMAP4rev1 LITERAL+ SASL-IR LOGIN-REFERRALS ID ENABLE IDLE STARTTLS AUTH=PLAIN AUTH=LOGIN] Dovecot ready.\r\n"
},
"tls": {
"certificate": {
"extensions": {
"authority_key_id": "e7d60ad64e31d74515efff6d85bf641475232827",
"basic_constraints": {
"is_ca": true
},
"subject_key_id": "e7d60ad64e31d74515efff6d85bf641475232827"
},
"fingerprint_md5": "FF1F0636B25ED1C6BBF1B695A9AE52BD",
"fingerprint_sha1": "1C12D3DF78AA5B8C83B1BC6ADAAB6A226E521560",
"fingerprint_sha256": "C7A4C7AB16BBF31B923372F02A8A88F1314E3BDC0A7282C0D6701D98B2EC6B37",
"issuer": {
"common_name": [
"mail4.metrindo.co.id"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"ShenZhen"
],
"organization": [
"mail4.metrindo.co.id"
],
"organizational_unit": [
"IT"
],
"province": [
"GuangDong"
]
},
"jarm": "00000000000000000000000000000000000000000000000000000000000000",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "10907012614849439011",
"signature": {
"algorithm": {
"name": "SHA1-RSA",
"oid": "1.2.840.113549.1.1.5"
},
"self_signed": true
},
"subject": {
"common_name": [
"mail4.metrindo.co.id"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"ShenZhen"
],
"organization": [
"mail4.metrindo.co.id"
],
"organizational_unit": [
"IT"
],
"province": [
"GuangDong"
]
},
"subject_alt_name": {
"dns_names": [
"mail4.metrindo.co.id"
],
"extended_dns_names": [
{
"domain": "metrindo",
"fld": "metrindo.co.id",
"subdomain": "mail4",
"tld": "co.id"
}
]
},
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "e16261eebc465d863a6d555fba39bd9a45f8a0c844c2d09ed108929693302892",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048
}
},
"tbs_fingerprint": "8a2677faeafbdd5795325932c2b7bfda81d314ebb940d5f1587433709cb48056",
"validation_level": "OV",
"validity": {
"length_seconds": 315360000,
"not_after": "2034-07-13T03:06:28",
"not_before": "2024-07-15T03:06:28"
},
"version": 2
},
"fingerprint_sha256": "C7A4C7AB16BBF31B923372F02A8A88F1314E3BDC0A7282C0D6701D98B2EC6B37",
"precert": false,
"tags": [
"ov",
"trusted",
"self_signed",
"root"
]
}
},
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-04-20T19:27:50.477Z"
},
{
"port": 443,
"protocol": "tcp",
"name": "http",
"version": "",
"product": "Apache httpd",
"extra_info": "",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:apache:http_server",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body_murmur": -1244580137,
"body_sha256": "a4ab4ae4aaa93906190596f9283fff616648b608521bcaeb9b71e034d04dfbf8",
"component": [
"Apache HTTP Server"
],
"content_length": 98,
"headers": {
"accept_ranges": [
"bytes"
],
"content_length": [
"98"
],
"content_type": [
"text/html; charset=UTF-8"
],
"date": [
"Sun, 20 Apr 2025 16:04:37 GMT"
],
"etag": [
"\"260a3e-62-4fe256e2f3cdc\""
],
"last_modified": [
"Mon, 14 Jul 2014 11:17:02 GMT"
],
"server": [
"Apache"
]
},
"protocol": "HTTP/1.1",
"status_code": 200
},
"tls": {
"certificate": {
"extensions": {
"authority_key_id": "e7d60ad64e31d74515efff6d85bf641475232827",
"basic_constraints": {
"is_ca": true
},
"subject_key_id": "e7d60ad64e31d74515efff6d85bf641475232827"
},
"fingerprint_md5": "FF1F0636B25ED1C6BBF1B695A9AE52BD",
"fingerprint_sha1": "1C12D3DF78AA5B8C83B1BC6ADAAB6A226E521560",
"fingerprint_sha256": "C7A4C7AB16BBF31B923372F02A8A88F1314E3BDC0A7282C0D6701D98B2EC6B37",
"issuer": {
"common_name": [
"mail4.metrindo.co.id"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"ShenZhen"
],
"organization": [
"mail4.metrindo.co.id"
],
"organizational_unit": [
"IT"
],
"province": [
"GuangDong"
]
},
"jarm": "00000000000000000000000000000000000000000000000000000000000000",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "10907012614849439011",
"signature": {
"algorithm": {
"name": "SHA1-RSA",
"oid": "1.2.840.113549.1.1.5"
},
"self_signed": true
},
"subject": {
"common_name": [
"mail4.metrindo.co.id"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"ShenZhen"
],
"organization": [
"mail4.metrindo.co.id"
],
"organizational_unit": [
"IT"
],
"province": [
"GuangDong"
]
},
"subject_alt_name": {
"dns_names": [
"mail4.metrindo.co.id"
],
"extended_dns_names": [
{
"domain": "metrindo",
"fld": "metrindo.co.id",
"subdomain": "mail4",
"tld": "co.id"
}
]
},
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "e16261eebc465d863a6d555fba39bd9a45f8a0c844c2d09ed108929693302892",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048
}
},
"tbs_fingerprint": "8a2677faeafbdd5795325932c2b7bfda81d314ebb940d5f1587433709cb48056",
"validation_level": "OV",
"validity": {
"length_seconds": 315360000,
"not_after": "2034-07-13T03:06:28",
"not_before": "2024-07-15T03:06:28"
},
"version": 2
},
"fingerprint_sha256": "C7A4C7AB16BBF31B923372F02A8A88F1314E3BDC0A7282C0D6701D98B2EC6B37",
"precert": false,
"tags": [
"ov",
"trusted",
"self_signed",
"root"
]
}
},
"cve": [
{
"id": "CVE-1999-0070",
"severity": "medium"
},
{
"id": "CVE-1999-1199",
"severity": "high"
},
{
"id": "CVE-2023-25690",
"severity": "critical"
}
],
"url": "https://182.253.214.99/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-04-20T21:36:16.229Z"
},
{
"port": 587,
"protocol": "tcp",
"name": "smtp",
"version": "",
"product": "Postfix smtpd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:postfix:postfix",
"part": "a",
"vendor": "postfix",
"product": "postfix",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"smtp": {
"banner": "220 mail4.metrindo.co.id ESMTP Postfix\r\n"
},
"tls": {
"certificate": {
"extensions": {
"authority_key_id": "e7d60ad64e31d74515efff6d85bf641475232827",
"basic_constraints": {
"is_ca": true
},
"subject_key_id": "e7d60ad64e31d74515efff6d85bf641475232827"
},
"fingerprint_md5": "FF1F0636B25ED1C6BBF1B695A9AE52BD",
"fingerprint_sha1": "1C12D3DF78AA5B8C83B1BC6ADAAB6A226E521560",
"fingerprint_sha256": "C7A4C7AB16BBF31B923372F02A8A88F1314E3BDC0A7282C0D6701D98B2EC6B37",
"issuer": {
"common_name": [
"mail4.metrindo.co.id"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"ShenZhen"
],
"organization": [
"mail4.metrindo.co.id"
],
"organizational_unit": [
"IT"
],
"province": [
"GuangDong"
]
},
"jarm": "00000000000000000000000000000000000000000000000000000000000000",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "10907012614849439011",
"signature": {
"algorithm": {
"name": "SHA1-RSA",
"oid": "1.2.840.113549.1.1.5"
},
"self_signed": true
},
"subject": {
"common_name": [
"mail4.metrindo.co.id"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"ShenZhen"
],
"organization": [
"mail4.metrindo.co.id"
],
"organizational_unit": [
"IT"
],
"province": [
"GuangDong"
]
},
"subject_alt_name": {
"dns_names": [
"mail4.metrindo.co.id"
],
"extended_dns_names": [
{
"domain": "metrindo",
"fld": "metrindo.co.id",
"subdomain": "mail4",
"tld": "co.id"
}
]
},
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "e16261eebc465d863a6d555fba39bd9a45f8a0c844c2d09ed108929693302892",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048
}
},
"tbs_fingerprint": "8a2677faeafbdd5795325932c2b7bfda81d314ebb940d5f1587433709cb48056",
"validation_level": "OV",
"validity": {
"length_seconds": 315360000,
"not_after": "2034-07-13T03:06:28",
"not_before": "2024-07-15T03:06:28"
},
"version": 2
},
"fingerprint_sha256": "C7A4C7AB16BBF31B923372F02A8A88F1314E3BDC0A7282C0D6701D98B2EC6B37",
"precert": false,
"tags": [
"ov",
"trusted",
"self_signed",
"root"
]
}
},
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-04-17T18:57:56.784Z"
},
{
"port": 993,
"protocol": "tcp",
"name": "imap",
"version": "",
"product": "Dovecot imapd",
"extra_info": "",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:dovecot:dovecot",
"part": "a",
"vendor": "dovecot",
"product": "dovecot",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-04-15T13:57:08.213Z"
},
{
"port": 995,
"protocol": "tcp",
"name": "pop3",
"version": "",
"product": "Dovecot pop3d",
"extra_info": "",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:dovecot:dovecot",
"part": "a",
"vendor": "dovecot",
"product": "dovecot",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-04-20T13:09:38.882Z"
},
{
"port": 2525,
"protocol": "tcp",
"name": "smtp",
"version": "",
"product": "Postfix smtpd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:postfix:postfix",
"part": "a",
"vendor": "postfix",
"product": "postfix",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"smtp": {
"banner": "220 mail4.metrindo.co.id ESMTP Postfix\r\n"
},
"tls": {
"certificate": {
"extensions": {
"authority_key_id": "e7d60ad64e31d74515efff6d85bf641475232827",
"basic_constraints": {
"is_ca": true
},
"subject_key_id": "e7d60ad64e31d74515efff6d85bf641475232827"
},
"fingerprint_md5": "FF1F0636B25ED1C6BBF1B695A9AE52BD",
"fingerprint_sha1": "1C12D3DF78AA5B8C83B1BC6ADAAB6A226E521560",
"fingerprint_sha256": "C7A4C7AB16BBF31B923372F02A8A88F1314E3BDC0A7282C0D6701D98B2EC6B37",
"issuer": {
"common_name": [
"mail4.metrindo.co.id"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"ShenZhen"
],
"organization": [
"mail4.metrindo.co.id"
],
"organizational_unit": [
"IT"
],
"province": [
"GuangDong"
]
},
"jarm": "00000000000000000000000000000000000000000000000000000000000000",
"redacted": false,
"revocation": {
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "10907012614849439011",
"signature": {
"algorithm": {
"name": "SHA1-RSA",
"oid": "1.2.840.113549.1.1.5"
},
"self_signed": true
},
"subject": {
"common_name": [
"mail4.metrindo.co.id"
],
"country": [
"CN"
],
"email_address": [
"[email protected]"
],
"locality": [
"ShenZhen"
],
"organization": [
"mail4.metrindo.co.id"
],
"organizational_unit": [
"IT"
],
"province": [
"GuangDong"
]
},
"subject_alt_name": {
"dns_names": [
"mail4.metrindo.co.id"
],
"extended_dns_names": [
{
"domain": "metrindo",
"fld": "metrindo.co.id",
"subdomain": "mail4",
"tld": "co.id"
}
]
},
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "e16261eebc465d863a6d555fba39bd9a45f8a0c844c2d09ed108929693302892",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048
}
},
"tbs_fingerprint": "8a2677faeafbdd5795325932c2b7bfda81d314ebb940d5f1587433709cb48056",
"validation_level": "OV",
"validity": {
"length_seconds": 315360000,
"not_after": "2034-07-13T03:06:28",
"not_before": "2024-07-15T03:06:28"
},
"version": 2
},
"fingerprint_sha256": "C7A4C7AB16BBF31B923372F02A8A88F1314E3BDC0A7282C0D6701D98B2EC6B37",
"precert": false,
"tags": [
"ov",
"trusted",
"self_signed",
"root"
]
}
},
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-04-16T01:08:37.195Z"
},
{
"port": 3306,
"protocol": "tcp",
"name": "mysql",
"version": "",
"product": "MySQL",
"extra_info": "unauthorized",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:mysql:mysql",
"part": "a",
"vendor": "mysql",
"product": "mysql",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-04-20T16:36:18.881Z"
}
],
"services_hash": "02926ce4c5f1397793bd8f011449d50f022c313ead3cdce5b7d5d3df96c11105",
"last_updated_at": "2025-04-21T23:09:02.042Z",
"banner": [
"http",
"pop3",
"tls",
"imap",
"smtp"
],
"is_vuln": true,
"cveDetails": {
"CVE-1999-0070": {
"id": "CVE-1999-0070",
"references": [
"https://lists.apache.org/thread.html/rc5d27fc1e76dc5650e1a3f1db1de403120f4c2d041cb7352850455c2%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc5d27fc1e76dc5650e1a3f1db1de403120f4c2d041cb7352850455c2%40%3Cusers.httpd.apache.org%3E"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "test-cgi program allows an attacker to list files on the server.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-1999-1199": {
"id": "CVE-1999-1199",
"references": [
"http://marc.info/?l=bugtraq&m=90252779826784&w=2",
"http://marc.info/?l=bugtraq&m=90276683825862&w=2",
"http://marc.info/?l=bugtraq&m=90280517007869&w=2",
"http://marc.info/?l=bugtraq&m=90286768232093&w=2",
"http://www.redhat.com/support/errata/rh51-errata-general.html#apache",
"https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"http://marc.info/?l=bugtraq&m=90252779826784&w=2",
"http://marc.info/?l=bugtraq&m=90276683825862&w=2",
"http://marc.info/?l=bugtraq&m=90280517007869&w=2",
"http://marc.info/?l=bugtraq&m=90286768232093&w=2",
"http://www.redhat.com/support/errata/rh51-errata-general.html#apache",
"https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
],
"score": 10,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the \"sioux\" vulnerability.",
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"weakness": "NVD-CWE-Other"
},
"CVE-2023-25690": {
"id": "CVE-2023-25690",
"references": [
"http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"https://security.gentoo.org/glsa/202309-01",
"http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\n\n\n\n\nRewriteEngine on\nRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\nProxyPassReverse /here/ http://example.com:8080/\n\n\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-444"
},
"CVE-2023-27522": {
"id": "CVE-2023-27522",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.nnSpecial characters in the origin response header can truncate/split the response forwarded to the client.nnn",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-444"
}
}
}