Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2011-3639

Опубликовано: 26 окт. 2011
Источник: redhat
CVSS2: 2.6
EPSS Средний

Описание

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Certificate System 7.3httpdNot affected
Red Hat Directory Server 8httpdNot affected
Red Hat Enterprise Linux 4httpdWill not fix
Red Hat JBoss Enterprise Web Server 1httpdNot affected
Red Hat Enterprise Linux 5httpdFixedRHSA-2012:032321.02.2012
Red Hat Enterprise Linux 6httpdFixedRHSA-2012:012813.02.2012

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=752080httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix

EPSS

Процентиль: 94%
0.15953
Средний

2.6 Low

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2011-3639

ubuntu
больше 13 лет назад

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

nvd логотип

CVE-2011-3639

nvd
больше 13 лет назад

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

debian логотип

CVE-2011-3639

debian
больше 13 лет назад

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 an ...

github логотип

GHSA-rqg3-pfxx-wwq3

github
больше 3 лет назад

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

oracle-oval логотип

ELSA-2012-0323

oracle-oval
больше 13 лет назад

ELSA-2012-0323: httpd security update (MODERATE)

EPSS

Процентиль: 94%
0.15953
Средний

2.6 Low

CVSS2