Vulnerability-Lookup

RHSA-2026:21433

Vulnerability from csaf_redhat - Published: 2026-05-27 21:42 - Updated: 2026-05-28 02:41

Summary

Red Hat Security Advisory: httpd security update

Severity

Important

Notes

Topic: An update for httpd is now available for Red Hat Enterprise Linux 10. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Details: The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server. Security Fix(es): * httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059) * httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032) * httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857) * httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007) * Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2026-28780

A flaw was found in mod_proxy_ajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP (Apache JServ Protocol) server, to send a specially crafted message. This message can cause mod_proxy_ajp to write attacker-controlled data beyond a heap-based buffer, potentially leading to arbitrary code execution or a denial of service.

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE-787 - Out-of-bounds Write

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix

Threats

Impact Important

CVE-2026-33007

A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration.

5.3 (Medium)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CWE-476 - NULL Pointer Dereference

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-33857

A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of service.

7.5 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-125 - Out-of-bounds Read

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-34032

A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-170 - Improper Null Termination

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

CVE-2026-34059

A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the ajp_parse_data function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.

8.2 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H

CWE-126 - Buffer Over-read

Affected products

Fixed 75 products

Product	Version	Remediation
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x	—	Vendor Fix fix Workaround
Unresolved product id: AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64	—	Vendor Fix fix Workaround

Threats

Impact Moderate

References

29 references

URL	Category
https://access.redhat.com/errata/RHSA-2026:21433	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=2464940	external
https://bugzilla.redhat.com/show_bug.cgi?id=2464952	external
https://bugzilla.redhat.com/show_bug.cgi?id=2464953	external
https://bugzilla.redhat.com/show_bug.cgi?id=2465299	external
https://bugzilla.redhat.com/show_bug.cgi?id=2466913	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2026-28780	self
https://bugzilla.redhat.com/show_bug.cgi?id=2466913	external
https://www.cve.org/CVERecord?id=CVE-2026-28780	external
https://nvd.nist.gov/vuln/detail/CVE-2026-28780	external
https://httpd.apache.org/security/vulnerabilities…	external
https://access.redhat.com/security/cve/CVE-2026-33007	self
https://bugzilla.redhat.com/show_bug.cgi?id=2465299	external
https://www.cve.org/CVERecord?id=CVE-2026-33007	external
https://nvd.nist.gov/vuln/detail/CVE-2026-33007	external
https://access.redhat.com/security/cve/CVE-2026-33857	self
https://bugzilla.redhat.com/show_bug.cgi?id=2464953	external
https://www.cve.org/CVERecord?id=CVE-2026-33857	external
https://nvd.nist.gov/vuln/detail/CVE-2026-33857	external
https://access.redhat.com/security/cve/CVE-2026-34032	self
https://bugzilla.redhat.com/show_bug.cgi?id=2464952	external
https://www.cve.org/CVERecord?id=CVE-2026-34032	external
https://nvd.nist.gov/vuln/detail/CVE-2026-34032	external
https://access.redhat.com/security/cve/CVE-2026-34059	self
https://bugzilla.redhat.com/show_bug.cgi?id=2464940	external
https://www.cve.org/CVERecord?id=CVE-2026-34059	external
https://nvd.nist.gov/vuln/detail/CVE-2026-34059	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "An update for httpd is now available for Red Hat Enterprise Linux 10.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The httpd packages provide the Apache HTTP Server, a powerful, efficient, and extensible web server.\n\nSecurity Fix(es):\n\n* httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data() (CVE-2026-34059)\n\n* httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check (CVE-2026-34032)\n\n* httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions (CVE-2026-33857)\n\n* httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash (CVE-2026-33007)\n\n* Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow (CVE-2026-28780)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2026:21433",
        "url": "https://access.redhat.com/errata/RHSA-2026:21433"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "2464940",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464940"
      },
      {
        "category": "external",
        "summary": "2464952",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464952"
      },
      {
        "category": "external",
        "summary": "2464953",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464953"
      },
      {
        "category": "external",
        "summary": "2465299",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465299"
      },
      {
        "category": "external",
        "summary": "2466913",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466913"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_21433.json"
      }
    ],
    "title": "Red Hat Security Advisory: httpd security update",
    "tracking": {
      "current_release_date": "2026-05-28T02:41:10+00:00",
      "generator": {
        "date": "2026-05-28T02:41:10+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.8.1"
        }
      },
      "id": "RHSA-2026:21433",
      "initial_release_date": "2026-05-27T21:42:31+00:00",
      "revision_history": [
        {
          "date": "2026-05-27T21:42:31+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2026-05-27T21:42:31+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2026-05-28T02:41:10+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat Enterprise Linux AppStream (v. 10)",
                "product": {
                  "name": "Red Hat Enterprise Linux AppStream (v. 10)",
                  "product_id": "AppStream-10.2.Z",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:redhat:enterprise_linux:10.2"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat Enterprise Linux"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-0:2.4.63-13.el10_2.1.src",
                "product": {
                  "name": "httpd-0:2.4.63-13.el10_2.1.src",
                  "product_id": "httpd-0:2.4.63-13.el10_2.1.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.4.63-13.el10_2.1?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "httpd-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "httpd-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-core-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "httpd-core-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "httpd-core-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-core@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-devel@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-tools@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ldap@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_lua-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "mod_lua-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "mod_lua-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_lua@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.63-13.el10_2.1?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_session-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "mod_session-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "mod_session-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_session@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl@2.4.63-13.el10_2.1?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-debugsource@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-core-debuginfo@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_lua-debuginfo@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.63-13.el10_2.1?arch=aarch64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.63-13.el10_2.1?arch=aarch64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
                "product": {
                  "name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
                  "product_id": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.63-13.el10_2.1?arch=aarch64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "httpd-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "httpd-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-core@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-devel@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-tools@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ldap@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_lua@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.63-13.el10_2.1?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_session-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "mod_session-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "mod_session-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_session@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl@2.4.63-13.el10_2.1?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-debugsource@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-core-debuginfo@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_lua-debuginfo@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.63-13.el10_2.1?arch=ppc64le\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.63-13.el10_2.1?arch=ppc64le"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
                "product": {
                  "name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
                  "product_id": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.63-13.el10_2.1?arch=ppc64le\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "ppc64le"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "httpd-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "httpd-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-core-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "httpd-core-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "httpd-core-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-core@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-devel@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-tools@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ldap@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_lua-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "mod_lua-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "mod_lua-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_lua@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.63-13.el10_2.1?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_session-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "mod_session-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "mod_session-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_session@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl@2.4.63-13.el10_2.1?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-debugsource@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-core-debuginfo@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_lua-debuginfo@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.63-13.el10_2.1?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.63-13.el10_2.1?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
                "product": {
                  "name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
                  "product_id": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.63-13.el10_2.1?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "httpd-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "httpd-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-core-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "httpd-core-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "httpd-core-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-core@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-devel-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "httpd-devel-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "httpd-devel-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-devel@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-tools-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "httpd-tools-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "httpd-tools-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-tools@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ldap-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "mod_ldap-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "mod_ldap-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ldap@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_lua-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "mod_lua-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "mod_lua-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_lua@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
                  "product_id": "mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_proxy_html@2.4.63-13.el10_2.1?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_session-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "mod_session-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "mod_session-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_session@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl-1:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "mod_ssl-1:2.4.63-13.el10_2.1.s390x",
                  "product_id": "mod_ssl-1:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl@2.4.63-13.el10_2.1?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-debugsource@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-core-debuginfo@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-debuginfo@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-tools-debuginfo@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ldap-debuginfo@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_lua-debuginfo@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
                  "product_id": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_proxy_html-debuginfo@2.4.63-13.el10_2.1?arch=s390x\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                  "product_id": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_session-debuginfo@2.4.63-13.el10_2.1?arch=s390x"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
                "product": {
                  "name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
                  "product_id": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl-debuginfo@2.4.63-13.el10_2.1?arch=s390x\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "s390x"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
                "product": {
                  "name": "httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
                  "product_id": "httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-filesystem@2.4.63-13.el10_2.1?arch=noarch"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-manual-0:2.4.63-13.el10_2.1.noarch",
                "product": {
                  "name": "httpd-manual-0:2.4.63-13.el10_2.1.noarch",
                  "product_id": "httpd-manual-0:2.4.63-13.el10_2.1.noarch",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-manual@2.4.63-13.el10_2.1?arch=noarch"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "httpd-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "httpd-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "httpd-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-0:2.4.63-13.el10_2.1.src as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src"
        },
        "product_reference": "httpd-0:2.4.63-13.el10_2.1.src",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "httpd-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-core-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "httpd-core-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-core-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-core-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "httpd-core-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-core-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "httpd-core-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-debugsource-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-devel-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-devel-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-devel-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "httpd-devel-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-devel-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-filesystem-0:2.4.63-13.el10_2.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch"
        },
        "product_reference": "httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-manual-0:2.4.63-13.el10_2.1.noarch as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch"
        },
        "product_reference": "httpd-manual-0:2.4.63-13.el10_2.1.noarch",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-tools-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-tools-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-tools-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "httpd-tools-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-tools-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ldap-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ldap-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ldap-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "mod_ldap-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ldap-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_lua-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "mod_lua-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_lua-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_lua-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "mod_lua-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_lua-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "mod_lua-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_proxy_html-1:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_session-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "mod_session-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_session-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "mod_session-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_session-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "mod_session-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_session-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "mod_session-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl-1:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl-1:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl-1:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "mod_ssl-1:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl-1:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64"
        },
        "product_reference": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le"
        },
        "product_reference": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x"
        },
        "product_reference": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
        "relates_to_product_reference": "AppStream-10.2.Z"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 10)",
          "product_id": "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
        },
        "product_reference": "mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
        "relates_to_product_reference": "AppStream-10.2.Z"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2026-28780",
      "cwe": {
        "id": "CWE-787",
        "name": "Out-of-bounds Write"
      },
      "discovery_date": "2026-05-05T22:01:12.666022+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2466913"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in mod_proxy_ajp of Apache HTTP Server. This heap-based buffer overflow vulnerability allows a remote attacker, by connecting to a malicious AJP (Apache JServ Protocol) server, to send a specially crafted message. This message can cause mod_proxy_ajp to write attacker-controlled data beyond a heap-based buffer, potentially leading to arbitrary code execution or a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
          "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-28780"
        },
        {
          "category": "external",
          "summary": "RHBZ#2466913",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2466913"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-28780",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-28780"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-28780",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-28780"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2026-05-05T21:29:41.527000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-27T21:42:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:21433"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "Apache HTTP Server: mod_proxy_ajp: Apache HTTP Server mod_proxy_ajp: Arbitrary code execution via heap-based buffer overflow"
    },
    {
      "cve": "CVE-2026-33007",
      "cwe": {
        "id": "CWE-476",
        "name": "NULL Pointer Dereference"
      },
      "discovery_date": "2026-05-04T15:01:24.989510+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2465299"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mod_authn_socache module of httpd. This vulnerability allows an unauthenticated remote user to crash a child process due to a NULL pointer dereference when the server is operating in a caching forward proxy configuration.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "This issue allows an unauthenticated remote attacker to cause a crash in a child process. However, the main parent process remains active and functional. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_authn_socache loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
          "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33007"
        },
        {
          "category": "external",
          "summary": "RHBZ#2465299",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2465299"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33007",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33007"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33007",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33007"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2026-05-04T14:41:27.520000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-27T21:42:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:21433"
        },
        {
          "category": "workaround",
          "details": "Disabling mod_authn_socache and restarting httpd will mitigate this flaw.",
          "product_ids": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 5.3,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_authn_socache: NULL pointer dereference can cause a child process crash"
    },
    {
      "cve": "CVE-2026-33857",
      "cwe": {
        "id": "CWE-125",
        "name": "Out-of-bounds Read"
      },
      "discovery_date": "2026-05-04T14:01:10.810459+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2464953"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the AJP getter functions attempt to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause an out-of-bounds read. This issue leads to a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, the Apache HTTP Server must be configured to connect to an untrusted or compromised AJP backend server, limiting its exposure. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_proxy_ajp loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
          "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-33857"
        },
        {
          "category": "external",
          "summary": "RHBZ#2464953",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464953"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-33857",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-33857"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-33857",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-33857"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2026-05-04T13:07:30.753000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-27T21:42:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:21433"
        },
        {
          "category": "workaround",
          "details": "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.",
          "product_ids": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_proxy_ajp: off-by-one out-of-bounds reads in AJP getter functions"
    },
    {
      "cve": "CVE-2026-34032",
      "cwe": {
        "id": "CWE-170",
        "name": "Improper Null Termination"
      },
      "discovery_date": "2026-05-04T14:01:07.000400+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2464952"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the server fails to properly check if a string is null-terminated before attempting to read it, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, the Apache HTTP Server must be configured to connect to an untrusted or compromised AJP backend server, limiting its exposure. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_proxy_ajp loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
          "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-34032"
        },
        {
          "category": "external",
          "summary": "RHBZ#2464952",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464952"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-34032",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34032"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34032",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34032"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2026-05-04T12:54:54.383000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-27T21:42:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:21433"
        },
        {
          "category": "workaround",
          "details": "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.",
          "product_ids": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_proxy_ajp: heap-based buffer over-read due to missing null-termination check"
    },
    {
      "cve": "CVE-2026-34059",
      "cwe": {
        "id": "CWE-126",
        "name": "Buffer Over-read"
      },
      "discovery_date": "2026-05-04T13:01:08.557596+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2464940"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the mod_proxy_ajp module of httpd. When processing AJP (Apache JServ Protocol) messages, the ajp_parse_data function attempts to read data beyond the allocated buffer size, allowing an attacker or a malformed request to cause a heap-based buffer over-read. This issue potentially leads to memory disclosure and a denial of service.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "To exploit this issue, the Apache HTTP Server must be configured to connect to an untrusted or compromised AJP backend server, limiting its exposure. Due to this reason, this flaw has been rated with a moderate severity.\n\nThis flaw only affects configurations with mod_proxy_ajp loaded and being used. This module can be disabled via the configuration file if its functionality is not being used.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
          "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
          "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
          "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2026-34059"
        },
        {
          "category": "external",
          "summary": "RHBZ#2464940",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2464940"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2026-34059",
          "url": "https://www.cve.org/CVERecord?id=CVE-2026-34059"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2026-34059",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2026-34059"
        },
        {
          "category": "external",
          "summary": "https://httpd.apache.org/security/vulnerabilities_24.html",
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "release_date": "2026-05-04T12:39:42.273000+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2026-05-27T21:42:31+00:00",
          "details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2026:21433"
        },
        {
          "category": "workaround",
          "details": "Disabling mod_proxy_ajp and restarting httpd will mitigate this flaw.",
          "product_ids": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.2,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.src",
            "AppStream-10.2.Z:httpd-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-core-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-debugsource-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-devel-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-filesystem-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-manual-0:2.4.63-13.el10_2.1.noarch",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:httpd-tools-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ldap-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_lua-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_proxy_html-debuginfo-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_session-debuginfo-0:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-1:2.4.63-13.el10_2.1.x86_64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.aarch64",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.ppc64le",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.s390x",
            "AppStream-10.2.Z:mod_ssl-debuginfo-1:2.4.63-13.el10_2.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "httpd: mod_proxy_ajp: heap-based buffer over-read and memory disclosure in ajp_parse_data()"
    }
  ]
}

CVE-2026-28780 (GCVE-0-2026-28780)

Vulnerability from cvelistv5 – Published: 2026-05-05 21:29 – Updated: 2026-05-06 15:50

Title

Apache HTTP Server: buffer overflow in mod_proxy_ajp via ajp_msg_check_header()

Summary

Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server. If mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Severity

No CVSS data available.

CWE

CWE-122 - Heap-based Buffer Overflow

Assigner

apache

References

1 reference

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 0 , ≤ 2.4.66 (semver)

Credits

Andrew Lacambra Elhanan Haenel Tianshuo Han (<hantianshuo233@gmail.com>) Tristan Madani

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-05T22:24:30.623Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/05/9"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "HIGH",
              "baseScore": 9.8,
              "baseSeverity": "CRITICAL",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-28780",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-06T15:49:38.049896Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-06T15:50:18.682Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.66",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Andrew Lacambra"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Elhanan Haenel"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Tianshuo Han (\u003chantianshuo233@gmail.com\u003e)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Tristan Madani"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eHeap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server.\u003cbr\u003eIf mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: through 2.4.66.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.67, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Heap-based Buffer Overflow vulnerability in mod_proxy_ajp of Apache HTTP Server.\nIf mod_proxy_ajp connects to a malicious AJP server this AJP server can send a malicious AJP message back to mod_proxy_ajp and cause it to write 4 attacker controlled bytes after the end of a heap based buffer.\n\nThis issue affects Apache HTTP Server: through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122 Heap-based Buffer Overflow",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-05T21:29:41.527Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-02-04T12:00:00.000Z",
          "value": "reported"
        },
        {
          "lang": "en",
          "time": "2026-03-18T12:00:00.000Z",
          "value": "reported by 3rd finder"
        },
        {
          "lang": "en",
          "time": "2026-02-28T12:00:00.000Z",
          "value": "reported by 2nd finder"
        }
      ],
      "title": "Apache HTTP Server: buffer overflow in mod_proxy_ajp via  ajp_msg_check_header()",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-28780",
    "datePublished": "2026-05-05T21:29:41.527Z",
    "dateReserved": "2026-03-03T12:31:23.999Z",
    "dateUpdated": "2026-05-06T15:50:18.682Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33007 (GCVE-0-2026-33007)

Vulnerability from cvelistv5 – Published: 2026-05-04 14:41 – Updated: 2026-05-05 15:07

Title

Apache HTTP Server: mod_authn_socache crash

Summary

A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration. Users are recommended to upgrade to version 2.4.67, which fixes this issue.

Severity

No CVSS data available.

CWE

CWE-476 - NULL Pointer Dereference

Assigner

apache

References

1 reference

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 2.4.0 , ≤ 2.4.66 (semver)

Credits

Pavel Kohout, Aisle Research, Aisle.com Arkadi Vainbrand

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "LOW",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "NONE",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-33007",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-04T15:13:12.273045Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-04T15:13:14.598Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-04T17:32:48.215Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/22"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.66",
              "status": "affected",
              "version": "2.4.0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Pavel Kohout, Aisle Research, Aisle.com"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "Arkadi Vainbrand"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration.\u003cbr\u003e\u003cbr\u003eUsers are recommended to upgrade to version 2.4.67, which fixes this issue."
            }
          ],
          "value": "A NULL pointer dereference in the mod_authn_socache in Apache HTTP Server 2.4.66 and earlier allows an unauthenticated remote user to crash a child process in a caching forward proxy configuration.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes this issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-476",
              "description": "CWE-476 NULL Pointer Dereference",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-05T15:07:42.103Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "source": {
        "discovery": "EXTERNAL"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-04T12:15:00.000Z",
          "value": "Report received"
        },
        {
          "lang": "eng",
          "time": "2026-05-04T12:00:00.000Z",
          "value": "2.4.67 released"
        },
        {
          "lang": "en",
          "time": "2026-05-04T12:00:00.000Z",
          "value": "fixed in 2.4.x by r1933358"
        }
      ],
      "title": "Apache HTTP Server: mod_authn_socache crash",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-33007",
    "datePublished": "2026-05-04T14:41:27.520Z",
    "dateReserved": "2026-03-17T16:46:05.025Z",
    "dateUpdated": "2026-05-05T15:07:42.103Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-33857 (GCVE-0-2026-33857)

Vulnerability from cvelistv5 – Published: 2026-05-04 13:07 – Updated: 2026-05-04 17:32

Title

Apache HTTP Server: Off-by-one OOB reads in AJP getter functions

Summary

Out-of-bounds Read vulnerability in mod_proxy_ajp of Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Severity

No CVSS data available.

CWE

CWE-125 - Out-of-bounds Read

Assigner

apache

References

1 reference

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 0 , ≤ 2.4.66 (semver)

Credits

Elhanan Haenel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-33857",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-04T13:58:58.653462Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-04T13:59:45.381Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-04T17:32:50.362Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/15"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.66",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Elhanan Haenel"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eOut-of-bounds Read vulnerability in mod_proxy_ajp of \n\nApache HTTP Server.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: through 2.4.66.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.67, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Out-of-bounds Read vulnerability in mod_proxy_ajp of \n\nApache HTTP Server.\n\nThis issue affects Apache HTTP Server: through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-04T13:07:30.753Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-20T12:00:00.000Z",
          "value": "Reported"
        },
        {
          "lang": "en",
          "time": "2026-05-04T12:00:00.000Z",
          "value": "fixed by r1933341 in 2.4.x"
        }
      ],
      "title": "Apache HTTP Server: Off-by-one OOB reads in AJP getter functions",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-33857",
    "datePublished": "2026-05-04T13:07:30.753Z",
    "dateReserved": "2026-03-24T09:20:11.213Z",
    "dateUpdated": "2026-05-04T17:32:50.362Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34032 (GCVE-0-2026-34032)

Vulnerability from cvelistv5 – Published: 2026-05-04 12:54 – Updated: 2026-05-04 17:32

Title

Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)

Summary

Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Severity

No CVSS data available.

CWE

CWE-170 - Improper Null Termination
CWE-125 - Out-of-bounds Read

Assigner

apache

References

1 reference

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 0 , ≤ 2.4.66 (semver)

Credits

Tianshuo Han (<hantianshuo233@gmail.com>) Jérôme Djouder

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 5.3,
              "baseSeverity": "MEDIUM",
              "confidentialityImpact": "LOW",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-34032",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-04T14:05:36.659371Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-04T14:05:58.672Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-04T17:32:51.452Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/16"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.66",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Tianshuo Han (\u003chantianshuo233@gmail.com\u003e)"
        },
        {
          "lang": "en",
          "type": "finder",
          "value": "J\u00e9r\u00f4me Djouder"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eImproper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: through 2.4.66.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.67, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Improper Null Termination, Out-of-bounds Read vulnerability in Apache HTTP Server.\n\nThis issue affects Apache HTTP Server: through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-170",
              "description": "CWE-170 Improper Null Termination",
              "lang": "en",
              "type": "CWE"
            }
          ]
        },
        {
          "descriptions": [
            {
              "cweId": "CWE-125",
              "description": "CWE-125 Out-of-bounds Read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-04T12:54:54.383Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-01T02:27:00.000Z",
          "value": "Report received"
        },
        {
          "lang": "en",
          "time": "2026-05-04T12:00:00.000Z",
          "value": "fixed in 2.4.x by r1933343"
        }
      ],
      "title": "Apache HTTP Server: mod_proxy_ajp: Heap Buffer Over-Read Due to Missing Null-Termination Check (ajp_msg_get_string)",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-34032",
    "datePublished": "2026-05-04T12:54:54.383Z",
    "dateReserved": "2026-03-25T13:39:27.421Z",
    "dateUpdated": "2026-05-04T17:32:51.452Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2026-34059 (GCVE-0-2026-34059)

Vulnerability from cvelistv5 – Published: 2026-05-04 12:39 – Updated: 2026-05-04 17:32

Title

Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in ajp_parse_data()

Summary

Buffer Over-read vulnerability in Apache HTTP Server. This issue affects Apache HTTP Server: through 2.4.66. Users are recommended to upgrade to version 2.4.67, which fixes the issue.

Severity

No CVSS data available.

CWE

CWE-126 - Buffer Over-read

Assigner

apache

References

1 reference

URL	Tags
https://httpd.apache.org/security/vulnerabilities…	vendor-advisory

Impacted products

1 product

Vendor	Product	Version
Apache Software Foundation	Apache HTTP Server	Affected: 0 , ≤ 2.4.66 (semver)

Credits

Elhanan Haenel

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "NETWORK",
              "availabilityImpact": "NONE",
              "baseScore": 7.5,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "NONE",
              "privilegesRequired": "NONE",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2026-34059",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-05-04T14:10:32.282672Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-05-04T14:12:46.186Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      },
      {
        "providerMetadata": {
          "dateUpdated": "2026-05-04T17:32:52.565Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "url": "http://www.openwall.com/lists/oss-security/2026/05/04/17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Apache HTTP Server",
          "vendor": "Apache Software Foundation",
          "versions": [
            {
              "lessThanOrEqual": "2.4.66",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Elhanan Haenel"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "supportingMedia": [
            {
              "base64": false,
              "type": "text/html",
              "value": "\u003cp\u003eBuffer Over-read vulnerability in Apache HTTP Server.\u003c/p\u003e\u003cp\u003eThis issue affects Apache HTTP Server: through 2.4.66.\u003c/p\u003e\u003cp\u003eUsers are recommended to upgrade to version 2.4.67, which fixes the issue.\u003c/p\u003e"
            }
          ],
          "value": "Buffer Over-read vulnerability in Apache HTTP Server.\n\nThis issue affects Apache HTTP Server: through 2.4.66.\n\nUsers are recommended to upgrade to version 2.4.67, which fixes the issue."
        }
      ],
      "metrics": [
        {
          "other": {
            "content": {
              "text": "low"
            },
            "type": "Textual description of severity"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-126",
              "description": "CWE-126 Buffer Over-read",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-05-04T12:39:42.273Z",
        "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
        "shortName": "apache"
      },
      "references": [
        {
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://httpd.apache.org/security/vulnerabilities_24.html"
        }
      ],
      "source": {
        "discovery": "UNKNOWN"
      },
      "timeline": [
        {
          "lang": "en",
          "time": "2026-03-20T15:02:00.000Z",
          "value": "Report received"
        },
        {
          "lang": "en",
          "time": "2026-05-04T12:00:00.000Z",
          "value": "fixed in 2.4.x by r1933346"
        }
      ],
      "title": "Apache HTTP Server: mod_proxy_ajp: Heap Over-Read and memory disclosure in  ajp_parse_data()",
      "x_generator": {
        "engine": "Vulnogram 0.2.0"
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09",
    "assignerShortName": "apache",
    "cveId": "CVE-2026-34059",
    "datePublished": "2026-05-04T12:39:42.273Z",
    "dateReserved": "2026-03-25T16:18:03.089Z",
    "dateUpdated": "2026-05-04T17:32:52.565Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2026:21433

CVE-2026-28780 (GCVE-0-2026-28780)

CVE-2026-33007 (GCVE-0-2026-33007)

CVE-2026-33857 (GCVE-0-2026-33857)

CVE-2026-34032 (GCVE-0-2026-34032)

CVE-2026-34059 (GCVE-0-2026-34059)

Tags

Sightings

Nomenclature