Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported.
NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.
Package Name: apache-win32
Package Version: [cpe:/a:apache:http_server:2.2.25]
Advisory: CVE-2017-3169
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-3169
CVSS severity score: 7.5/10.0
Confidence: high
Description:
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_ssl may dereference a NULL pointer when third-party modules call ap_hook_process_connection() during an HTTP request to an HTTPS port.
Advisory: CVE-2017-7668
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7668
CVSS severity score: 7.5/10.0
Confidence: high
Description:
The HTTP strict parsing changes added in Apache httpd 2.2.32 and 2.4.24 introduced a bug in token list parsing, which allows ap_find_token() to search past the end of its input string. By maliciously crafting a sequence of request headers, an attacker may be able to cause a segmentation fault, or to force ap_find_token() to return an incorrect value.
Advisory: CVE-2017-7679
Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2017-7679
CVSS severity score: 7.5/10.0
Confidence: high
Description:
In Apache httpd 2.2.x before 2.2.33 and 2.4.x before 2.4.26, mod_mime can read one byte past the end of a buffer when sending a malicious Content-Type response header.
Comment 1 by palmer@chromium.org, Sep 21 2017
Labels: OS-Chrome
Status: WontFix (was: Unconfirmed)