exploitDog

bind:"CVE-2011-3639" OR bind:"CVE-2011-3607" OR bind:"CVE-2012-0031" OR bind:"CVE-2012-0053"

Count: 22

Vulnerability | CVSS | EPSS | Published

Source: oracle-oval
ELSA-2012-0323

ELSA-2012-0323: httpd security update (MODERATE)

Published: more than 13 years ago

Source: oracle-oval
ELSA-2012-0128

ELSA-2012-0128: httpd security update (MODERATE)

Published: more than 13 years ago

Source: ubuntu
CVE-2011-3639

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

CVSS2: 4.3
EPSS: 33% (Medium)
Published: more than 13 years ago

Source: redhat
CVE-2011-3639

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

CVSS2: 2.6
EPSS: 33% (Medium)
Published: almost 14 years ago

Source: nvd
CVE-2011-3639

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

CVSS2: 4.3
EPSS: 33% (Medium)
Published: more than 13 years ago

Source: debian
CVE-2011-3639

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 an ...

CVSS2: 4.3
EPSS: 33% (Medium)
Published: more than 13 years ago

Source: github
GHSA-rqg3-pfxx-wwq3

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

EPSS: 33% (Medium)
Published: more than 3 years ago

Source: ubuntu
CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

CVSS2: 4.4
EPSS: 0% (Low)
Published: almost 14 years ago

Source: redhat
CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

CVSS2: 4.4
EPSS: 0% (Low)
Published: almost 14 years ago

Source: nvd
CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

CVSS2: 4.4
EPSS: 0% (Low)
Published: almost 14 years ago

Source: debian
CVE-2011-3607

Integer overflow in the ap_pregsub function in server/util.c in the Ap ...

CVSS2: 4.4
EPSS: 0% (Low)
Published: almost 14 years ago

Source: github
GHSA-chqj-ghv5-hm5m

Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted HTTP request header, leading to a heap-based buffer overflow.

EPSS: 0% (Low)
Published: more than 3 years ago

Source: ubuntu
CVE-2012-0053

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

CVSS2: 4.3
EPSS: 75% (High)
Published: more than 13 years ago

Source: redhat
CVE-2012-0053

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

CVSS2: 4.3
EPSS: 75% (High)
Published: more than 13 years ago

Source: nvd
CVE-2012-0053

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not properly restrict header information during construction of Bad Request (aka 400) error documents, which allows remote attackers to obtain the values of HTTPOnly cookies via vectors involving a (1) long or (2) malformed header in conjunction with crafted web script.

CVSS2: 4.3
EPSS: 75% (High)
Published: more than 13 years ago

Source: debian
CVE-2012-0053

protocol.c in the Apache HTTP Server 2.2.x through 2.2.21 does not pro ...

CVSS2: 4.3
EPSS: 75% (High)
Published: more than 13 years ago

Source: ubuntu
CVE-2012-0031

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

CVSS2: 4.6
EPSS: 2% (Low)
Published: more than 13 years ago

Source: redhat
CVE-2012-0031

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

CVSS2: 2.6
EPSS: 2% (Low)
Published: more than 13 years ago

Source: nvd
CVE-2012-0031

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow local users to cause a denial of service (daemon crash during shutdown) or possibly have unspecified other impact by modifying a certain type field within a scoreboard shared memory segment, leading to an invalid call to the free function.

CVSS2: 4.6
EPSS: 2% (Low)
Published: more than 13 years ago

Source: debian
CVE-2012-0031

scoreboard.c in the Apache HTTP Server 2.2.21 and earlier might allow ...

CVSS2: 4.6
EPSS: 2% (Low)
Published: more than 13 years ago
