Описание
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Ссылки
- Third Party Advisory
- Release NotesVendor Advisory
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing List
- Mailing ListThird Party Advisory
- Release Notes
- Release Notes
- Third Party Advisory
- Third Party Advisory
- Broken LinkThird Party Advisory
- Mailing ListThird Party Advisory
- PatchThird Party Advisory
- PatchThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:o:resf:rocky_linux:8.0:*:*:*:*:*:*:*
Конфигурация 2
Одновременно
cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Конфигурация 3
Одновременно
cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*
Одно из
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_workstation:7.0:*:*:*:*:*:*:*
Конфигурация 4
Одно из
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
Конфигурация 5Версия до 2.4.48 (включая)
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*
Конфигурация 6
Одно из
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
Конфигурация 7
Одно из
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
Конфигурация 8
Одно из
cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*
Конфигурация 9Версия от 1.1.0 (включая) до 1.1.4 (включая)Версия от 1.2.0 (включая) до 1.2.1 (включая)
Одно из
cpe:2.3:o:f5:f5os:*:*:*:*:*:*:*:*
cpe:2.3:o:f5:f5os:*:*:*:*:*:*:*:*
Конфигурация 10
Одно из
cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*
cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*
Конфигурация 11Версия до 1.0.3 (исключая)Версия до 3.1 (исключая)
Одно из
cpe:2.3:a:siemens:ruggedcom_nms:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:*:*:*:*:*:*:*
cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*
Конфигурация 12Версия до 5.19.1 (включая)
cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
EPSS
Процентиль: 100%
0.94443
Критический
9 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-918
CWE-918
Связанные уязвимости
CVSS3: 9
ubuntu
почти 4 года назад
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVSS3: 9
redhat
почти 4 года назад
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
CVSS3: 9
debian
почти 4 года назад
A crafted request uri-path can cause mod_proxy to forward the request ...
CVSS3: 9
github
около 3 лет назад
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
EPSS
Процентиль: 100%
0.94443
Критический
9 Critical
CVSS3
6.8 Medium
CVSS2
Дефекты
CWE-918
CWE-918