[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2016-0736":6},{"stargazers_count":4,"fetched_at":5},7,"2026-06-05T08:55:32.481Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":18,"aliases":33,"duplicate_of":9,"upstream":34,"downstream":35,"duplicates":58,"related":59,"reserved_at":9,"published_at":63,"modified_at":64,"state":65,"summary":66,"references_raw":73,"kevs":196,"epss":197,"epss_history":200,"metrics":452,"affected":462},"CVE-2016-0736","In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":9,"likelihood_of_exploit":9,"capec":17},"CWE-310","Cryptographic Issues","Weaknesses in this category are related to the design and implementation of data confidentiality and integrity. Frequently these deal with the use of encoding techniques, encryption libraries, and hashing algorithms. The weaknesses in this category could lead to a degradation of the quality data if they are not addressed.","category","Draft",[],[19],{"_key":20,"name":21,"source":22,"url":23,"maturity":24,"reliability_score":25,"verified":26,"type":9,"platforms":27,"requires_auth":9,"exploitdb":29,"metasploit":9},"40961","Apache mod_session_crypto - Padding Oracle","exploit-database","https://www.exploit-db.com/exploits/40961","poc",0.5,false,[28],"multiple",{"verified":26,"type":30,"platform":28,"file":31,"codes":32},"webapps","exploits/multiple/webapps/40961.py",[7],[],[],[36,38,40,42,44,46,48,50,52,54,56],{"_key":37},"SUSE-SU-2017:0797-1",{"_key":39},"SUSE-SU-2017:0801-1",{"_key":41},"DSA-3796-1",{"_key":43},"MGASA-2018-0007",{"_key":45},"UBUNTU-CVE-2016-0736",{"_key":47},"USN-3279-1",{"_key":49},"DEBIAN-CVE-2016-0736",{"_key":51},"RHSA-2017:0906",{"_key":53},"RHSA-2017:1161",{"_key":55},"RHSA-2017:1413",{"_key":57},"RHSA-2017:1414",[],[60,61,62],{"_key":37},{"_key":39},{"_key":43},"2017-07-27T21:00:00.000Z","2024-09-16T17:52:49.825Z","Modified",{"cisa_kev":26,"cisa_ransomware":26,"cisa_vendor":9,"epss_severity":67,"epss_score":68,"severity":67,"severity_score":69,"severity_version":70,"severity_source":71,"severity_vector":72,"severity_status":65},"high",0.4168,7.5,"v3.0","nvd","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",[74,80,86,92,99,104,108,112,116,120,125,129,133,137,142,146,152,156,160,164,168,172,176,180,184,188,192],{"url":75,"sources":76,"tags":78},"https://support.apple.com/HT208221",[77,71],"cve.org",[79],"X Refsource CONFIRM",{"url":81,"sources":82,"tags":83},"http://www.debian.org/security/2017/dsa-3796",[77,71],[84,85],"Vendor Advisory","X Refsource DEBIAN",{"url":87,"sources":88,"tags":89},"https://www.exploit-db.com/exploits/40961/",[77,71],[90,91],"Exploit","X Refsource EXPLOIT DB",{"url":93,"sources":94,"tags":95},"http://www.securitytracker.com/id/1037508",[77,71],[96,97,98],"VDB Entry","X Refsource SECTRACK","Third Party Advisory",{"url":100,"sources":101,"tags":102},"https://access.redhat.com/errata/RHSA-2017:1413",[77,71],[84,103],"X Refsource REDHAT",{"url":105,"sources":106,"tags":107},"https://access.redhat.com/errata/RHSA-2017:1161",[77,71],[84,103],{"url":109,"sources":110,"tags":111},"https://www.tenable.com/security/tns-2017-04",[77,71],[79],{"url":113,"sources":114,"tags":115},"https://access.redhat.com/errata/RHSA-2017:1414",[77,71],[84,103],{"url":117,"sources":118,"tags":119},"https://h20566.www2.hpe.com/hpsc/doc/public/display?docLocale=en_US&docId=emr_na-hpesbux03725en_us",[77,71],[79,98],{"url":121,"sources":122,"tags":123},"http://www.securityfocus.com/bid/95078",[77,71],[96,124,98],"X Refsource BID",{"url":126,"sources":127,"tags":128},"http://rhn.redhat.com/errata/RHSA-2017-1415.html",[77,71],[84,103],{"url":130,"sources":131,"tags":132},"https://access.redhat.com/errata/RHSA-2017:0906",[77,71],[84,103],{"url":134,"sources":135,"tags":136},"https://httpd.apache.org/security/vulnerabilities_24.html#CVE-2016-0736",[77,71],[79,84],{"url":138,"sources":139,"tags":140},"https://security.gentoo.org/glsa/201701-36",[77,71],[84,141,98],"X Refsource GENTOO",{"url":143,"sources":144,"tags":145},"https://security.netapp.com/advisory/ntap-20180423-0001/",[77,71],[79],{"url":147,"sources":148,"tags":149},"https://lists.apache.org/thread.html/56c2e7cc9deb1c12a843d0dc251ea7fd3e7e80293cde02fcd65286ba%40%3Ccvs.httpd.apache.org%3E",[77,71],[150,151],"Mailing List","X Refsource MLIST",{"url":153,"sources":154,"tags":155},"https://lists.apache.org/thread.html/84a3714f0878781f6ed84473d1a503d2cc382277e100450209231830%40%3Ccvs.httpd.apache.org%3E",[77,71],[150,151],{"url":157,"sources":158,"tags":159},"https://lists.apache.org/thread.html/rd18c3c43602e66f9cdcf09f1de233804975b9572b0456cc582390b6f%40%3Ccvs.httpd.apache.org%3E",[77,71],[150,151],{"url":161,"sources":162,"tags":163},"https://lists.apache.org/thread.html/re3d27b6250aa8548b8845d314bb8a350b3df326cacbbfdfe4d455234%40%3Ccvs.httpd.apache.org%3E",[77,71],[150,151],{"url":165,"sources":166,"tags":167},"https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E",[77,71],[150,151],{"url":169,"sources":170,"tags":171},"https://lists.apache.org/thread.html/rc998b18880df98bafaade071346690c2bc1444adaa1a1ea464b93f0a%40%3Ccvs.httpd.apache.org%3E",[77,71],[150,151],{"url":173,"sources":174,"tags":175},"https://lists.apache.org/thread.html/re1e3a24664d35bcd0a0e793e0b5fc6ca6c107f99a1b2c545c5d4b467%40%3Ccvs.httpd.apache.org%3E",[77,71],[150,151],{"url":177,"sources":178,"tags":179},"https://lists.apache.org/thread.html/r04e89e873d54116a0635ef2f7061c15acc5ed27ef7500997beb65d6f%40%3Ccvs.httpd.apache.org%3E",[77,71],[150,151],{"url":181,"sources":182,"tags":183},"https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E",[77,71],[150,151],{"url":185,"sources":186,"tags":187},"https://lists.apache.org/thread.html/rcc44594d4d6579b90deccd4536b5d31f099ef563df39b094be286b9e%40%3Ccvs.httpd.apache.org%3E",[77,71],[150,151],{"url":189,"sources":190,"tags":191},"https://lists.apache.org/thread.html/rb14daf9cc4e28d18cdc15d6a6ca74e565672fabf7ad89541071d008b%40%3Ccvs.httpd.apache.org%3E",[77,71],[150,151],{"url":193,"sources":194,"tags":195},"https://lists.apache.org/thread.html/r76142b8c5119df2178be7c2dba88fde552eedeec37ea993dfce68d1d%40%3Ccvs.httpd.apache.org%3E",[77,71],[150,151],[],{"date":198,"score":68,"percentile":199},"2026-06-04",0.97492,[201,205,207,210,213,215,218,220,223,226,229,232,235,237,239,242,245,248,251,254,257,260,263,266,269,271,274,277,281,284,287,290,293,295,298,301,303,306,309,312,315,317,320,323,326,329,332,334,336,338,340,342,345,348,352,355,358,361,364,368,371,374,376,378,381,383,386,389,392,394,396,399,402,404,407,409,413,416,419,422,425,428,431,434,437,440,443,445,447,449],{"date":202,"score":203,"percentile":204},"2025-11-04",0.31844,0.96593,{"date":206,"score":203,"percentile":204},"2025-11-05",{"date":208,"score":203,"percentile":209},"2025-11-06",0.96595,{"date":211,"score":203,"percentile":212},"2025-11-07",0.96598,{"date":214,"score":203,"percentile":212},"2025-11-08",{"date":216,"score":203,"percentile":217},"2025-11-09",0.96597,{"date":219,"score":203,"percentile":217},"2025-11-10",{"date":221,"score":203,"percentile":222},"2025-11-11",0.96599,{"date":224,"score":203,"percentile":225},"2025-11-12",0.96601,{"date":227,"score":203,"percentile":228},"2025-11-13",0.96603,{"date":230,"score":203,"percentile":231},"2025-11-14",0.96604,{"date":233,"score":203,"percentile":234},"2025-11-15",0.96602,{"date":236,"score":203,"percentile":225},"2025-11-16",{"date":238,"score":203,"percentile":228},"2025-11-17",{"date":240,"score":203,"percentile":241},"2025-11-18",0.96573,{"date":243,"score":203,"percentile":244},"2025-11-19",0.96574,{"date":246,"score":203,"percentile":247},"2025-11-20",0.96576,{"date":249,"score":203,"percentile":250},"2025-11-21",0.96613,{"date":252,"score":203,"percentile":253},"2025-11-22",0.96612,{"date":255,"score":203,"percentile":256},"2025-11-23",0.96611,{"date":258,"score":203,"percentile":259},"2025-11-24",0.96616,{"date":261,"score":203,"percentile":262},"2025-11-25",0.96617,{"date":264,"score":203,"percentile":265},"2025-11-26",0.96619,{"date":267,"score":203,"percentile":268},"2025-11-27",0.96621,{"date":270,"score":203,"percentile":265},"2025-11-28",{"date":272,"score":203,"percentile":273},"2025-11-29",0.96618,{"date":275,"score":203,"percentile":276},"2025-11-30",0.9662,{"date":278,"score":279,"percentile":280},"2025-12-01",0.17617,0.94872,{"date":282,"score":279,"percentile":283},"2025-12-02",0.94873,{"date":285,"score":279,"percentile":286},"2025-12-03",0.94874,{"date":288,"score":68,"percentile":289},"2025-12-04",0.97258,{"date":291,"score":68,"percentile":292},"2025-12-05",0.97257,{"date":294,"score":68,"percentile":289},"2025-12-06",{"date":296,"score":68,"percentile":297},"2025-12-07",0.97259,{"date":299,"score":68,"percentile":300},"2025-12-08",0.97261,{"date":302,"score":68,"percentile":300},"2025-12-09",{"date":304,"score":68,"percentile":305},"2025-12-10",0.97265,{"date":307,"score":68,"percentile":308},"2025-12-11",0.97267,{"date":310,"score":68,"percentile":311},"2025-12-12",0.97268,{"date":313,"score":68,"percentile":314},"2025-12-13",0.9727,{"date":316,"score":68,"percentile":308},"2025-12-14",{"date":318,"score":68,"percentile":319},"2025-12-15",0.97269,{"date":321,"score":68,"percentile":322},"2025-12-16",0.97271,{"date":324,"score":68,"percentile":325},"2025-12-17",0.97273,{"date":327,"score":68,"percentile":328},"2025-12-18",0.97274,{"date":330,"score":68,"percentile":331},"2025-12-19",0.97275,{"date":333,"score":68,"percentile":325},"2025-12-20",{"date":335,"score":68,"percentile":322},"2025-12-21",{"date":337,"score":68,"percentile":322},"2025-12-22",{"date":339,"score":68,"percentile":325},"2025-12-23",{"date":341,"score":68,"percentile":328},"2025-12-24",{"date":343,"score":68,"percentile":344},"2025-12-25",0.97276,{"date":346,"score":68,"percentile":347},"2025-12-26",0.97278,{"date":349,"score":350,"percentile":351},"2025-12-27",0.42796,0.97363,{"date":353,"score":68,"percentile":354},"2025-12-28",0.97279,{"date":356,"score":68,"percentile":357},"2025-12-29",0.9728,{"date":359,"score":68,"percentile":360},"2025-12-30",0.97281,{"date":362,"score":68,"percentile":363},"2025-12-31",0.97285,{"date":365,"score":366,"percentile":367},"2026-01-01",0.2504,0.96025,{"date":369,"score":366,"percentile":370},"2026-01-02",0.9602,{"date":372,"score":366,"percentile":373},"2026-01-03",0.96017,{"date":375,"score":68,"percentile":363},"2026-01-04",{"date":377,"score":68,"percentile":363},"2026-01-05",{"date":379,"score":68,"percentile":380},"2026-01-06",0.97287,{"date":382,"score":68,"percentile":380},"2026-01-07",{"date":384,"score":68,"percentile":385},"2026-01-08",0.97289,{"date":387,"score":68,"percentile":388},"2026-01-09",0.97291,{"date":390,"score":68,"percentile":391},"2026-01-10",0.97292,{"date":393,"score":68,"percentile":388},"2026-01-11",{"date":395,"score":68,"percentile":391},"2026-01-12",{"date":397,"score":68,"percentile":398},"2026-01-13",0.97294,{"date":400,"score":68,"percentile":401},"2026-01-14",0.97298,{"date":403,"score":68,"percentile":401},"2026-01-15",{"date":405,"score":68,"percentile":406},"2026-01-16",0.97301,{"date":408,"score":68,"percentile":406},"2026-01-17",{"date":410,"score":411,"percentile":412},"2026-01-18",0.4227,0.97331,{"date":414,"score":411,"percentile":415},"2026-01-19",0.97332,{"date":417,"score":411,"percentile":418},"2026-01-20",0.97333,{"date":420,"score":411,"percentile":421},"2026-01-21",0.97334,{"date":423,"score":411,"percentile":424},"2026-01-22",0.97335,{"date":426,"score":411,"percentile":427},"2026-01-23",0.97338,{"date":429,"score":411,"percentile":430},"2026-01-24",0.97339,{"date":432,"score":411,"percentile":433},"2026-01-25",0.9734,{"date":435,"score":68,"percentile":436},"2026-01-26",0.97309,{"date":438,"score":68,"percentile":439},"2026-01-27",0.9731,{"date":441,"score":68,"percentile":442},"2026-01-28",0.97311,{"date":444,"score":68,"percentile":442},"2026-01-29",{"date":446,"score":68,"percentile":439},"2026-01-30",{"date":448,"score":68,"percentile":442},"2026-01-31",{"date":450,"score":366,"percentile":451},"2026-02-01",0.9605,[453],{"source":71,"cvss_v2_0":454,"cvss_v3_0":459,"cvss_v3_1":9,"cvss_v4_0":9},{"baseScore":455,"baseSeverity":9,"vectorString":456,"impactScore":457,"exploitabilityScore":458},5,"AV:N/AC:L/Au:N/C:P/I:N/A:N",2.9,10,{"baseScore":69,"baseSeverity":460,"vectorString":72,"impactScore":461,"exploitabilityScore":458},"HIGH",6,[463,472],{"ecosystem":9,"name":464,"vendor":465,"product":466,"cpe_part":467,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":468},"Apache HTTP Server","apache software foundation","apache http server","a",[469],{"version":470,"is_range":26,"range_type":77,"version_start":470,"version_start_type":471,"version_end":470,"version_end_type":471,"fixed_in":9},"2.4.0 to 2.4.23","including",{"ecosystem":9,"name":473,"vendor":9,"product":473,"cpe_part":9,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":474},"HTTP Server",[475,478,480,482,484,486,488,490,492,494,496,498,500,502,504,506,508],{"version":476,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.0","cpe",{"version":479,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.1",{"version":481,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.2",{"version":483,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.3",{"version":485,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.6",{"version":487,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.7",{"version":489,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.8",{"version":491,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.9",{"version":493,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.10",{"version":495,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.12",{"version":497,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.14",{"version":499,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.16",{"version":501,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.19",{"version":503,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.20",{"version":505,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.21",{"version":507,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.22",{"version":509,"is_range":26,"range_type":477,"version_start":9,"version_start_type":9,"version_end":9,"version_end_type":9,"fixed_in":9},"2.4.23"]