182.255.5.28
{
"scan_id": 1764431206,
"ip": "182.255.5.28",
"is_ipv4": true,
"is_ipv6": false,
"location": {
"network": "182.255.4.0/22",
"postal_code": "50249",
"coordinates": {
"latitude": "-7.2722",
"longitude": "110.4753"
},
"geo_point": "-7.2722, 110.4753",
"locale_code": "en",
"continent": "Asia",
"country_code": "ID",
"country_name": "Indonesia",
"city": "Semarang"
},
"location_updated_at": "2025-11-27T16:42:23Z",
"asn": {
"number": "AS46049",
"organization": "Universitas Diponegoro",
"country_code": "ID"
},
"asn_updated_at": "0001-01-01T00:00:00Z",
"whois": {
"network": "182.255.0.0/21",
"organization": "Route Object of Universitas Diponegoro",
"descr": "Route Object of Universitas Diponegoro,\nUniversity / Direct Member IDNIC,\nSemarang, Jawa Tengah",
"_encoding": {
"raw": "BASE64"
}
},
"whois_updated_at": "2024-12-09T11:27:01Z",
"tags": [
{
"name": "is_anonymous_proxy",
"pretty_name": "Anonymous Proxy",
"value": false,
"last_updated_at": "2025-11-27T16:42:23Z"
},
{
"name": "is_cdn",
"pretty_name": "CDN",
"value": false,
"last_updated_at": "2025-11-27T19:59:21Z"
},
{
"name": "is_satellite_provider",
"pretty_name": "Satellite Provider",
"value": false,
"last_updated_at": "2025-11-27T16:42:23Z"
}
],
"services": [
{
"port": 80,
"protocol": "tcp",
"name": "http",
"version": "",
"product": "Apache httpd",
"extra_info": "",
"tunnel": "",
"softwares": [
{
"uri": "cpe:/a:apache:http_server",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<html><head><META HTTP-EQUIV=\"Cache-control\" CONTENT=\"no-cache\"><META HTTP-EQUIV=\"refresh\" CONTENT=\"0;URL=/cgi-sys/defaultwebpage.cgi\"></head><body></body></html>\n",
"body_murmur": -1507725539,
"body_sha256": "9278d16ed2fdcd5dc651615b0b8adc6b55fb667a9d106a9891b861d4561d9a24",
"component": [
"Apache HTTP Server"
],
"content_length": -1,
"headers": {
"accept_ranges": [
"bytes"
],
"cache_control": [
"max-age=0, no-cache, no-store, must-revalidate"
],
"connection": [
"Upgrade"
],
"content_type": [
"text/html"
],
"date": [
"Sun, 30 Nov 2025 04:21:53 GMT"
],
"pragma": [
"no-cache"
],
"server": [
"Apache"
],
"unknown": [
{
"key": "x_mod_pagespeed",
"value": [
"1.13.35.2-0"
]
}
],
"upgrade": [
"h2,h2c"
],
"vary": [
"Accept-Encoding"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "182.255.5.28",
"path": "",
"scheme": "http"
}
},
"status_code": 200
}
},
"cve": [
{
"id": "CVE-1999-0070",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-1999-1199",
"score": 10,
"severity": "high"
},
{
"id": "CVE-2023-25690",
"score": 9.8,
"severity": "critical"
}
],
"url": "http://182.255.5.28/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-30T04:21:53.96Z"
},
{
"port": 443,
"protocol": "tcp",
"name": "http",
"version": "",
"product": "Apache httpd",
"extra_info": "",
"tunnel": "ssl",
"softwares": [
{
"uri": "cpe:/a:apache:http_server",
"part": "a",
"vendor": "apache",
"product": "http_server",
"version": "ANY",
"language": "ANY",
"edition": "ANY",
"update": "ANY"
}
],
"modules": {
"http": {
"body": "<html><head><META HTTP-EQUIV=\"Cache-control\" CONTENT=\"no-cache\"><META HTTP-EQUIV=\"refresh\" CONTENT=\"0;URL=/cgi-sys/defaultwebpage.cgi\"></head><body></body></html>\n",
"body_murmur": -1507725539,
"body_sha256": "9278d16ed2fdcd5dc651615b0b8adc6b55fb667a9d106a9891b861d4561d9a24",
"component": [
"Apache HTTP Server"
],
"content_length": -1,
"headers": {
"accept_ranges": [
"bytes"
],
"cache_control": [
"max-age=0, no-cache, no-store, must-revalidate"
],
"connection": [
"Upgrade"
],
"content_type": [
"text/html"
],
"date": [
"Sat, 29 Nov 2025 16:59:59 GMT"
],
"pragma": [
"no-cache"
],
"server": [
"Apache"
],
"unknown": [
{
"key": "x_mod_pagespeed",
"value": [
"1.13.35.2-0"
]
}
],
"upgrade": [
"h2,h2c"
],
"vary": [
"Accept-Encoding"
]
},
"protocol": "HTTP/1.1",
"request": {
"headers": {
"accept": [
"*/*"
],
"user_agent": [
"Mozilla/5.0 (compatible; Odin; https://docs.getodin.com/)"
]
},
"method": "GET",
"url": {
"host": "182.255.5.28",
"path": "",
"scheme": "https"
}
},
"status_code": 200
},
"tls": {
"certificate": {
"extensions": {
"authority_info_access": {
"issuer_urls": [
"http://r13.i.lencr.org/"
]
},
"authority_key_id": "e7ab9f0f2c33a053d35e4f78c8b2840e3bd69233",
"basic_constraints": {
"is_ca": true
},
"certificate_policies": [
{
"id": "2.23.140.1.2.1"
}
],
"crl_distribution_points": [
"http://r13.c.lencr.org/79.crl"
],
"ct_precert_scts": "Signed Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : 64:11:C4:6C:A4:12:EC:A7:89:1C:A2:02:2E:00:BC:AB:\n 4F:28:07:D4:1E:35:27:AB:EA:FE:D5:03:C9:7D:CD:F0\n Timestamp : Oct 7 03:59:17.020 2025 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:45:02:20:6F:2F:BB:55:F0:CA:B4:7B:E6:E2:04:B1:\n 41:75:94:53:C0:2B:C4:04:8E:92:71:D7:D7:A5:B8:4E:\n 9D:F9:4E:E5:02:21:00:B9:F2:AA:F5:7C:C9:13:A5:B0:\n 33:B9:83:14:7F:E6:3C:C8:0B:CE:5C:66:BE:06:26:0E:\n 06:E1:A0:44:A1:CE:93\nSigned Certificate Timestamp:\n Version : v1 (0x0)\n Log ID : 96:97:64:BF:55:58:97:AD:F7:43:87:68:37:08:42:77:\n E9:F0:3A:D5:F6:A4:F3:36:6E:46:A4:3F:0F:CA:A9:C6\n Timestamp : Oct 7 03:59:17.066 2025 GMT\n Extensions: none\n Signature : ecdsa-with-SHA256\n 30:44:02:20:5E:6D:B6:E7:F8:B7:04:60:8B:99:A9:9A:\n 4A:FB:0A:FD:31:FA:26:6D:AF:14:90:F3:6E:A6:7A:3B:\n 4F:00:4E:AC:02:20:45:CF:62:AF:ED:98:56:AD:24:28:\n 69:5A:15:BA:A6:CD:A6:0D:5C:B3:B3:EF:2C:F9:1D:AD:\n 29:C4:FE:82:93:7E",
"extended_key_usage": {
"any": false,
"apple_code_signing": false,
"apple_code_signing_development": false,
"apple_code_signing_third_party": false,
"apple_crypto_development_env": false,
"apple_crypto_env": false,
"apple_crypto_maintenance_env": false,
"apple_crypto_production_env": false,
"apple_crypto_qos": false,
"apple_crypto_test_env": false,
"apple_crypto_tier0_qos": false,
"apple_crypto_tier1_qos": false,
"apple_crypto_tier2_qos": false,
"apple_crypto_tier3_qos": false,
"apple_ichat_encryption": false,
"apple_ichat_signing": false,
"apple_resource_signing": false,
"apple_software_update_signing": false,
"apple_system_identity": false,
"client_auth": true,
"code_signing": false,
"dvcs": false,
"eap_over_lan": false,
"eap_over_ppp": false,
"email_protection": false,
"ipsec_end_system": false,
"ipsec_intermediate_system_usage": false,
"ipsec_tunnel": false,
"ipsec_user": false,
"microsoft_ca_exchange": false,
"microsoft_cert_trust_list_signing": false,
"microsoft_csp_signature": false,
"microsoft_document_signing": false,
"microsoft_drm": false,
"microsoft_drm_individualization": false,
"microsoft_efs_recovery": false,
"microsoft_embedded_nt_crypto": false,
"microsoft_encrypted_file_system": false,
"microsoft_enrollment_agent": false,
"microsoft_kernel_mode_code_signing": false,
"microsoft_key_recovery_21": false,
"microsoft_key_recovery_3": false,
"microsoft_license_server": false,
"microsoft_licenses": false,
"microsoft_lifetime_signing": false,
"microsoft_mobile_device_software": false,
"microsoft_nt5_crypto": false,
"microsoft_oem_whql_crypto": false,
"microsoft_qualified_subordinate": false,
"microsoft_root_list_signer": false,
"microsoft_server_gated_crypto": false,
"microsoft_sgc_serialized": false,
"microsoft_smart_display": false,
"microsoft_smartcard_logon": false,
"microsoft_system_health": false,
"microsoft_system_health_loophole": false,
"microsoft_timestamp_signing": false,
"microsoft_whql_crypto": false,
"netscape_server_gated_crypto": false,
"ocsp_signing": false,
"sbgp_cert_aa_service_auth": false,
"server_auth": true,
"time_stamping": false
},
"key_usage": {
"certificate_sign": false,
"content_commitment": false,
"crl_sign": false,
"data_encipherment": false,
"decipher_only": false,
"digital_signature": true,
"encipher_only": false,
"key_agreement": false,
"key_encipherment": true
},
"subject_alt_name": {
"dns_names": [
"hosting29.undip.ac.id"
]
},
"subject_key_id": "7a071990c67e1e043f1f64cb83b86fcff8341618"
},
"fingerprint_md5": "762338ED2F14603476EC826CA4F9974F",
"fingerprint_sha1": "F9E2EFACDCA4F1604F1A3C239DAB102BAABADBA1",
"fingerprint_sha256": "D420BAC7313C752541B94335A003914707DF3494DE2B51256E326CDC0C95AD44",
"issuer": {
"common_name": [
"R13"
],
"country": [
"US"
],
"organization": [
"Let's Encrypt"
]
},
"issuer_dn": "/C=US/O=Let's Encrypt/CN=R13",
"jarm": "15d3fd16d29d29d00042d43d000000eed8083ffe0365e3dd86aa60eff5d3bb",
"redacted": false,
"revocation": {
"crl": {
"next_update": "2025-12-08T17:09:31",
"reason": "UNKNOWN",
"revoked": false
},
"ocsp": {
"reason": "UNKNOWN",
"revoked": false
}
},
"serial_number": "558343572037215435371985562034497654323790",
"signature": {
"algorithm": {
"name": "SHA256-RSA",
"oid": "1.2.840.113549.1.1.11"
},
"self_signed": false,
"value": "MmExNGI4OTM4YjczNTM1OThmZjg4ZmZiMTkxYmFkMTUyZmQwMGI4YTE2ZjYwMWIyOGIzZGViNWQ1NWVhOTZmMjIyZDFhNTc5ZTRlNTc1NWE4NmRlOGY0MmQ5ZDgxNGFmNmZmMzdkYzg1YTNjOTU1NWEzNjA5NmRhY2IyMTIxMmI3NDQ1N2IzYjFjOGI0NzdmMjRkOGVhYmJlNGE2ZGI4OGQyMTZlNzliZmQ2MzNlZDhjMzAxMjE3ZWIxN2FmNDljNWZkMDY3MjhiMzgyYWJkOTI0MzM3ZDUyMjkzZjYxMzJkMmZmMzQ1NTRmNzMwNDA2MDI2Mzk3MWRkOGJmMmQxOTQ0MTQzNzBkZjM2YTEyYjBkYjA2OTJhNWMzNWRhMjdhOTI4NGE3YjU1OTEyOWIzNjZkNjM4ZGM3Y2RkOGZlYjk2ZGM1MWMzZTJjMmQ5MGE3NWUzMzc3ZWE5ZDBjY2VhNmE5ZDIzMzYzYjBkYWVlYzgzYTNkOTVjODNiZDUxOTFlN2I1NDQ5ZTQyYzdkNjBjODExOGY3OGY2ZmFlOGQ0ODUwN2NlMzFkMmYyY2YzZmFiMThhMTI4ZGJmMGMxZjEzMTI4ODU1NTI5Y2RmOTI2OTFjZGE1ZDY1MWZjN2I0YTIyMTMyMzllZmUwZTg1OWY0ZjBmZmEyZDhlNGVjMTIxZDg="
},
"signed_certificate_timestamps": [
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "6411c46ca412eca7891ca2022e00bcab4f2807d41e3527abeafed503c97dcdf0",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "304502206f2fbb55f0cab47be6e204b141759453c02bc4048e9271d7d7a5b84e9df94ee5022100b9f2aaf57cc913a5b033b983147fe63cc80bce5c66be06260e06e1a044a1ce93"
},
"timestamp": "2025-10-07T03:59:17.020000",
"version": "v1"
},
{
"entry_type": "PRE_CERTIFICATE",
"log_id": "969764bf555897adf743876837084277e9f03ad5f6a4f3366e46a43f0fcaa9c6",
"signature": {
"algorithm": "ECDSA",
"hash_algorithm": "SHA256",
"value": "304402205e6db6e7f8b704608b99a99a4afb0afd31fa266daf1490f36ea67a3b4f004eac022045cf62afed9856ad2428695a15baa6cda60d5cb3b3ef2cf91dad29c4fe82937e"
},
"timestamp": "2025-10-07T03:59:17.066000",
"version": "v1"
}
],
"signed_certificate_timestamps_oid": "1.3.6.1.4.1.11129.2.4.2",
"subject": {
"common_name": [
"hosting29.undip.ac.id"
]
},
"subject_alt_name": {
"dns_names": [
"hosting29.undip.ac.id"
],
"extended_dns_names": [
{
"domain": "undip",
"fld": "undip.ac.id",
"subdomain": "hosting29",
"tld": "ac.id"
}
]
},
"subject_dn": "/CN=hosting29.undip.ac.id",
"subject_key_info": {
"_key": "rsa",
"dh": [],
"dsa": [],
"ecdsa": [],
"fingerprint_sha256": "05f073870d8825c413c7d50963edda703140885c00fe5b393062a6cb5074519c",
"key_algorithm": "RSA",
"rsa": {
"exponent": 65537,
"length": 2048,
"modulus": "MHhjOTU2MTMyZjVjZmY3Y2ZhYTg3MzlmNzhiNmJhZDhjNzhlODFlYWIxMThlNmE4ZjY3YWRiNmE5ZGZiZjc2NmM1YTgwZWQwODhiZWUwOTM1N2QxOGMzMDc1YzJkNzYzMmJmNjg5ZmJlNmNhN2I3ZWRhOTU4MzQwOTkxZWE5NjM3YWU3MjBhYTFlZWEyNWYwZjA1NjFkMjdmYTg4OTBlZGRkYzFlNGQzMjFjZmI5YzMyMjFiNTkwMDNkM2ZmMjhmMzk3OTZhZjczMjI1YTJjMDNiMmI0NWExNzU5NzUxZmRkNjljOWJiNmZhNzBhZjM4OTY3MGRmZGEyY2I1ZDgyM2ExMGRiOWRkM2ZkMTA5M2Y4NDU3ZjI5ZWJhYTBhNDQ1ZGJhM2M3MjY2OTE3ZjVjMzVmNDU0ZjEyZTRkMTE3YTAzNDVhMTA5MGJiYWNmNjQ3MDcyY2FiMjgxMGIyOGI0NDc1ZDFmNDk5M2FjMzk2N2QxODkyYjk2MjZiODE4NzI0YzNhOTFjMTE2NDg0ZjI0MjhhZWFmMDdkODhmMjI2MGU5YzFjODZmNTNlZTZhNjM4MGE5Y2NiNTY4M2FjZmY4NWIwZGQxZjM1ODUzNzk4M2JkYTllYmUzOGFjMTk4ZmU1NDk0NWEyNWE2NjgwZGNjNjJlMzZjMzAzNWZjOGY5Y2QxZA=="
}
},
"tbs_fingerprint": "3f32835979314663caf0f5e998e23d2994736daad1eba5848169ec4e6f615b9d",
"tbs_noct_fingerprint": "84e564b287b7ff80076f703c9862d5dc8a136446a4c6dee057fb9b4fd9caa920",
"validation_level": "DV",
"validity": {
"length_seconds": 7775999,
"not_after": "2026-01-05T03:00:45",
"not_before": "2025-10-07T03:00:46"
},
"version": 2
},
"fingerprint_sha256": "D420BAC7313C752541B94335A003914707DF3494DE2B51256E326CDC0C95AD44",
"precert": false,
"raw": "MIIFBTCCA+2gAwIBAgISBmjTBHbZxpYHrQFW7/k013pOMA0GCSqGSIb3DQEBCwUAMDMxCzAJBgNVBAYTAlVTMRYwFAYDVQQKEw1MZXQncyBFbmNyeXB0MQwwCgYDVQQDEwNSMTMwHhcNMjUxMDA3MDMwMDQ2WhcNMjYwMTA1MDMwMDQ1WjAgMR4wHAYDVQQDExVob3N0aW5nMjkudW5kaXAuYWMuaWQwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQDJVhMvXP98+qhzn3i2utjHjoHqsRjmqPZ622qd+/dmxagO0Ii+4JNX0YwwdcLXYyv2ifvmynt+2pWDQJkeqWN65yCqHuol8PBWHSf6iJDt3cHk0yHPucMiG1kAPT/yjzl5avcyJaLAOytFoXWXUf3WnJu2+nCvOJZw39ostdgjoQ253T/RCT+EV/KeuqCkRdujxyZpF/XDX0VPEuTRF6A0WhCQu6z2RwcsqygQsotEddH0mTrDln0Ykrlia4GHJMOpHBFkhPJCiurwfYjyJg6cHIb1PuamOAqcy1aDrP+FsN0fNYU3mDvanr44rBmP5UlFolpmgNzGLjbDA1/I+c0dAgMBAAGjggIkMIICIDAOBgNVHQ8BAf8EBAMCBaAwHQYDVR0lBBYwFAYIKwYBBQUHAwEGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwHQYDVR0OBBYEFHoHGZDGfh4EPx9ky4O4b8/4NBYYMB8GA1UdIwQYMBaAFOernw8sM6BT015PeMiyhA471pIzMDMGCCsGAQUFBwEBBCcwJTAjBggrBgEFBQcwAoYXaHR0cDovL3IxMy5pLmxlbmNyLm9yZy8wIAYDVR0RBBkwF4IVaG9zdGluZzI5LnVuZGlwLmFjLmlkMBMGA1UdIAQMMAowCAYGZ4EMAQIBMC4GA1UdHwQnMCUwI6AhoB+GHWh0dHA6Ly9yMTMuYy5sZW5jci5vcmcvNzkuY3JsMIIBAwYKKwYBBAHWeQIEAgSB9ASB8QDvAHYAZBHEbKQS7KeJHKICLgC8q08oB9QeNSer6v7VA8l9zfAAAAGZvNLSHAAABAMARzBFAiBvL7tV8Mq0e+biBLFBdZRTwCvEBI6ScdfXpbhOnflO5QIhALnyqvV8yROlsDO5gxR/5jzIC85cZr4GJg4G4aBEoc6TAHUAlpdkv1VYl633Q4doNwhCd+nwOtX2pPM2bkakPw/KqcYAAAGZvNLSSgAABAMARjBEAiBebbbn+LcEYIuZqZpK+wr9Mfomba8UkPNupno7TwBOrAIgRc9ir+2YVq0kKGlaFbqmzaYNXLOz7yz5Ha0pxP6Ck34wDQYJKoZIhvcNAQELBQADggEBACoUuJOLc1NZj/iP+xkbrRUv0AuKFvYBsos9611V6pbyItGleeTldVqG3o9C2dgUr2/zfchaPJVVo2CW2sshISt0RXs7HItHfyTY6rvkptuI0hbnm/1jPtjDASF+sXr0nF/QZyizgqvZJDN9Uik/YTLS/zRVT3MEBgJjlx3Yvy0ZRBQ3DfNqErDbBpKlw12iepKEp7VZEps2bWONx83Y/rltxRw+LC2Qp14zd+qdDM6mqdIzY7Da7sg6PZXIO9UZHntUSeQsfWDIEY949vro1IUHzjHS8s8/qxihKNvwwfExKIVVKc35JpHNpdZR/HtKIhMjnv4OhZ9PD/otjk7BIdg=",
"tags": [
"dv",
"trusted"
]
}
},
"cve": [
{
"id": "CVE-1999-0070",
"score": 5,
"severity": "medium"
},
{
"id": "CVE-1999-1199",
"score": 10,
"severity": "high"
},
{
"id": "CVE-2023-25690",
"score": 9.8,
"severity": "critical"
}
],
"url": "https://182.255.5.28/",
"_meta": {
"name": "",
"desc": "",
"category": ""
},
"last_updated_at": "2025-11-29T17:24:46.375Z"
}
],
"services_hash": "56f55273004333966e725439bf3a592a3d115cd61b8ce6abe7005364c7a8c08f",
"last_updated_at": "2025-11-30T04:21:53.96Z",
"banner": [
"http",
"tls"
],
"is_vuln": true,
"cveDetails": {
"CVE-1999-0070": {
"id": "CVE-1999-0070",
"references": [
"https://lists.apache.org/thread.html/rc5d27fc1e76dc5650e1a3f1db1de403120f4c2d041cb7352850455c2%40%3Cusers.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rc5d27fc1e76dc5650e1a3f1db1de403120f4c2d041cb7352850455c2%40%3Cusers.httpd.apache.org%3E"
],
"score": 5,
"services": [
"80/http"
],
"severity": "medium",
"summary": "test-cgi program allows an attacker to list files on the server.",
"vector_string": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"weakness": "NVD-CWE-noinfo"
},
"CVE-1999-1199": {
"id": "CVE-1999-1199",
"references": [
"http://marc.info/?l=bugtraq&m=90252779826784&w=2",
"http://marc.info/?l=bugtraq&m=90276683825862&w=2",
"http://marc.info/?l=bugtraq&m=90280517007869&w=2",
"http://marc.info/?l=bugtraq&m=90286768232093&w=2",
"http://www.redhat.com/support/errata/rh51-errata-general.html#apache",
"https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",
"http://marc.info/?l=bugtraq&m=90252779826784&w=2",
"http://marc.info/?l=bugtraq&m=90276683825862&w=2",
"http://marc.info/?l=bugtraq&m=90280517007869&w=2",
"http://marc.info/?l=bugtraq&m=90286768232093&w=2",
"http://www.redhat.com/support/errata/rh51-errata-general.html#apache",
"https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf2f0f3611f937cf6cfb3b4fe4a67f69885855126110e1e3f2fb2728e%40%3Ccvs.httpd.apache.org%3E",
"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
],
"score": 10,
"services": [
"80/http"
],
"severity": "high",
"summary": "Apache WWW server 1.3.1 and earlier allows remote attackers to cause a denial of service (resource exhaustion) via a large number of MIME headers with the same name, aka the \"sioux\" vulnerability.",
"vector_string": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"weakness": "NVD-CWE-Other"
},
"CVE-2023-25690": {
"id": "CVE-2023-25690",
"references": [
"http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"https://security.gentoo.org/glsa/202309-01",
"http://packetstormsecurity.com/files/176334/Apache-2.4.55-mod_proxy-HTTP-Request-Smuggling.html",
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 9.8,
"services": [
"80/http"
],
"severity": "critical",
"summary": "Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow a HTTP Request Smuggling attack.\n\n\n\n\nConfigurations are affected when mod_proxy is enabled along with some form of RewriteRule\n or ProxyPassMatch in which a non-specific pattern matches\n some portion of the user-supplied request-target (URL) data and is then\n re-inserted into the proxied request-target using variable \nsubstitution. For example, something like:\n\n\n\n\nRewriteEngine on\nRewriteRule \"^/here/(.*)\" \"http://example.com:8080/elsewhere?$1\"; [P]\nProxyPassReverse /here/ http://example.com:8080/\n\n\nRequest splitting/smuggling could result in bypass of access controls in the proxy server, proxying unintended URLs to existing origin servers, and cache poisoning. Users are recommended to update to at least version 2.4.56 of Apache HTTP Server.",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"weakness": "CWE-444"
},
"CVE-2023-27522": {
"id": "CVE-2023-27522",
"references": [
"https://httpd.apache.org/security/vulnerabilities_24.html",
"https://lists.debian.org/debian-lts-announce/2023/04/msg00028.html",
"https://security.gentoo.org/glsa/202309-01"
],
"score": 7.5,
"services": [
"80/http"
],
"severity": "high",
"summary": "HTTP Response Smuggling vulnerability in Apache HTTP Server via mod_proxy_uwsgi. This issue affects Apache HTTP Server: from 2.4.30 through 2.4.55.nnSpecial characters in the origin response header can truncate/split the response forwarded to the client.nnn",
"vector_string": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"weakness": "CWE-444"
}
}
}