Automated analysis has detected that the following third party packages have had vulnerabilities publicly reported. 

NOTE: There may be several bugs listed below - in almost all cases, all bugs can be quickly addressed by upgrading to the latest version of the package.

Package Name: apache-win32
Package Version: [cpe:/a:apache:http_server:2.2.25]

Advisory: CVE-2016-4975
  Details: https://vomit.googleplex.com/advisory?id=CVE/CVE-2016-4975
  CVSS severity score: 4.3/10.0
  Confidence: high
  Description:

Possible CRLF injection allowing HTTP response splitting attacks for sites which use mod_userdir. This issue was mitigated by changes made in 2.4.25 and 2.2.32 which prohibit CR or LF injection into the "Location" or other outbound header key or value. Fixed in Apache HTTP Server 2.4.25 (Affected 2.4.1-2.4.23). Fixed in Apache HTTP Server 2.2.32 (Affected 2.2.0-2.2.31).