Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2011-3639

Опубликовано: 30 нояб. 2011
Источник: nvd
CVSS2: 4.3
EPSS Низкий

Описание

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

Ссылки

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:apache:http_server:2.0.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.18:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.19:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.20:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.21:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.22:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.23:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.24:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.25:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.26:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.27:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.29:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.30:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.31:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.33:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.34:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server2.0a1:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server2.0a2:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server2.0a3:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server2.0a4:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server2.0a5:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server2.0a6:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server2.0a7:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server2.0a8:*:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server2.0a9:*:*:*:*:*:*:*:*

EPSS

Процентиль: 92%
0.08615
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20

Связанные уязвимости

ubuntu логотип

CVE-2011-3639

ubuntu
больше 14 лет назад

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

redhat логотип

CVE-2011-3639

redhat
больше 14 лет назад

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

debian логотип

CVE-2011-3639

debian
больше 14 лет назад

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 an ...

github логотип

GHSA-rqg3-pfxx-wwq3

github
почти 4 года назад

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

oracle-oval логотип

ELSA-2012-0323

oracle-oval
около 14 лет назад

ELSA-2012-0323: httpd security update (MODERATE)

EPSS

Процентиль: 92%
0.08615
Низкий

4.3 Medium

CVSS2

Дефекты

CWE-20