ID

VAR-201111-0207


CVE

CVE-2011-4317


TITLE

Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-201111-435

DESCRIPTION

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368. Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2405-1 security@debian.org http://www.debian.org/security/ Stefan Fritsch February 06, 2012 http://www.debian.org/security/faq - ------------------------------------------------------------------------- Package : apache2 Vulnerability : multiple issues Problem type : remote Debian-specific: no CVE ID : CVE-2011-3607 CVE-2011-3368 CVE-2011-3639 CVE-2011-4317 CVE-2012-0031 CVE-2012-0053 Several vulnerabilities have been found in the Apache HTTPD Server: CVE-2011-3607: An integer overflow in ap_pregsub() could allow local attackers to execute arbitrary code at elevated privileges via crafted .htaccess files. In certain reverse proxy configurations using the ProxyPassMatch directive or using the RewriteRule directive with the [P] flag, a remote attacker could make the proxy connect to an arbitrary server. The could allow the attacker to access internal servers that are not otherwise accessible from the outside. The three CVE ids denote slightly different variants of the same issue. Note that, even with this issue fixed, it is the responsibility of the administrator to ensure that the regular expression replacement pattern for the target URI does not allow a client to append arbitrary strings to the host or port parts of the target URI. This is a violation of the privilege separation between the apache2 processes and could potentially be used to worsen the impact of other vulnerabilities. This could allow a remote attacker using cross site scripting to steal authentication cookies. For the oldstable distribution (lenny), these problems have been fixed in version apache2 2.2.9-10+lenny12. For the stable distribution (squeeze), these problems have been fixed in version apache2 2.2.16-6+squeeze6 For the testing distribution (wheezy), these problems will be fixed in version 2.2.22-1. For the unstable distribution (sid), these problems have been fixed in version 2.2.22-1. We recommend that you upgrade your apache2 packages. This update also contains updated apache2-mpm-itk packages which have been recompiled against the updated apache2 packages. The new version number for the oldstable distribution is 2.2.6-02-1+lenny7. In the stable distribution, apache2-mpm-itk has the same version number as apache2. Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: http://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iD8DBQFPL5VKbxelr8HyTqQRAtSQAKCTC40WD3Dvw/RAJLOKAeNPjiAV3QCgnxnH 1J1ePueRsF6675j4bJUBv3Y= =DBi0 -----END PGP SIGNATURE----- . ---------------------------------------------------------------------- Secunia is hiring! Find your next job here: http://secunia.com/company/jobs/ ---------------------------------------------------------------------- TITLE: Apache HTTP Server mod_proxy Reverse Proxy Mode Security Bypass Weakness SECUNIA ADVISORY ID: SA46987 VERIFY ADVISORY: Secunia.com http://secunia.com/advisories/46987/ Customer Area (Credentials Required) https://ca.secunia.com/?page=viewadvisory&vuln_id=46987 RELEASE DATE: 2011-11-24 DISCUSS ADVISORY: http://secunia.com/advisories/46987/#comments AVAILABLE ON SITE AND IN CUSTOMER AREA: * Last Update * Popularity * Comments * Criticality Level * Impact * Where * Solution Status * Operating System / Software * CVE Reference(s) http://secunia.com/advisories/46987/ ONLY AVAILABLE IN CUSTOMER AREA: * Authentication Level * Report Reliability * Secunia PoC * Secunia Analysis * Systems Affected * Approve Distribution * Remediation Status * Secunia CVSS Score * CVSS https://ca.secunia.com/?page=viewadvisory&vuln_id=46987 ONLY AVAILABLE WITH SECUNIA CSI AND SECUNIA PSI: * AUTOMATED SCANNING http://secunia.com/vulnerability_scanning/personal/ http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/ DESCRIPTION: Prutha Parikh has reported a weakness in Apache HTTP Server, which can be exploited by malicious people to bypass certain security restrictions. The weakness is caused due to the mod_proxy module, when configured in reverse proxy mode, incorrectly processing certain web requests. This can be exploited to send requests to an unintended server behind the proxy via a specially crafted URL. This is caused due to an incomplete fix for: SA46288 The weakness is reported in all 2.x versions. SOLUTION: Edit reverse proxy rules. PROVIDED AND/OR DISCOVERED BY: Prutha Parikh, Qualys. ORIGINAL ADVISORY: Apache: http://thread.gmane.org/gmane.comp.apache.devel/46440 Qualys: https://community.qualys.com/blogs/securitylabs/tags/cve-2011-4317 OTHER REFERENCES: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ DEEP LINKS: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED DESCRIPTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXTENDED SOLUTION: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ EXPLOIT: Further details available in Customer Area: http://secunia.com/vulnerability_intelligence/ ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help private users keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/advisories/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/advisories/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ---------------------------------------------------------------------- . HP System Management Homepage (SMH) before v7.1.1 running on Linux, Windows and VMware ESX. This version of Apache is principally a security and bug fix release, including the following significant security fixes: * SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in some reverse proxy configurations. * SECURITY: CVE-2011-3607 (cve.mitre.org) Fix integer overflow in ap_pregsub() which, when the mod_setenvif module is enabled, could allow local users to gain privileges via a .htaccess file. * SECURITY: CVE-2011-4317 (cve.mitre.org) Resolve additional cases of URL rewriting with ProxyPassMatch or RewriteRule, where particular request-URIs could result in undesired backend network exposure in some configurations. * SECURITY: CVE-2012-0021 (cve.mitre.org) mod_log_config: Fix segfault (crash) when the '%{cookiename}C' log format string is in use and a client sends a nameless, valueless cookie, causing a denial of service. The issue existed since version 2.2.17. * SECURITY: CVE-2012-0031 (cve.mitre.org) Fix scoreboard issue which could allow an unprivileged child process could cause the parent to crash at shutdown rather than terminate cleanly. * SECURITY: CVE-2012-0053 (cve.mitre.org) Fixed an issue in error responses that could expose "httpOnly" cookies when no custom ErrorDocument is specified for status code 400. The Apache HTTP Project thanks halfdog, Context Information Security Ltd, Prutha Parikh of Qualys, and Norman Hippert for bringing these issues to the attention of the security team. We consider this release to be the best version of Apache available, and encourage users of all prior versions to upgrade. Apache HTTP Server 2.2.22 is available for download from: http://httpd.apache.org/download.cgi Please see the CHANGES_2.2 file, linked from the download page, for a full list of changes. A condensed list, CHANGES_2.2.22 includes only those changes introduced since the prior 2.2 release. A summary of all of the security vulnerabilities addressed in this and earlier releases is available: http://httpd.apache.org/security/vulnerabilities_22.html This release includes the Apache Portable Runtime (APR) version 1.4.5 and APR Utility Library (APR-util) version 1.4.2, bundled with the tar and zip distributions. The APR libraries libapr and libaprutil (and on Win32, libapriconv version 1.2.1) must all be updated to ensure binary compatibility and address many known security and platform bugs. APR-util version 1.4 represents a minor version upgrade from earlier httpd source distributions, which previously included version 1.3. Apache 2.2 offers numerous enhancements, improvements, and performance boosts over the 2.0 codebase. For an overview of new features introduced since 2.0 please see: http://httpd.apache.org/docs/2.2/new_features_2_2.html This release builds on and extends the Apache 2.0 API. Modules written for Apache 2.0 will need to be recompiled in order to run with Apache 2.2, and require minimal or no source code changes. http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/VERSIONING When upgrading or installing this version of Apache, please bear in mind that if you intend to use Apache with one of the threaded MPMs (other than the Prefork MPM), you must ensure that any modules you will be using (and the libraries they depend on) are thread-safe. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 [slackware-security] httpd (SSA:2012-041-01) New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues. Here are the details from the Slackware 13.37 ChangeLog: +--------------------------+ patches/packages/apr-util-1.4.1-i486-1_slack13.37.txz: Upgraded. patches/packages/httpd-2.2.22-i486-1_slack13.37.txz: Upgraded. PR 52256. [Eric Covener] For more information, see: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3607 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0021 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0031 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-0053 (* Security fix *) +--------------------------+ Where to find the new packages: +-----------------------------+ Thanks to the friendly folks at the OSU Open Source Lab (http://osuosl.org) for donating FTP and rsync hosting to the Slackware project! :-) Also see the "Get Slack" section on http://slackware.com for additional mirror sites near you. +-----+ Slackware Linux Security Team http://slackware.com/gpg-key security@slackware.com +------------------------------------------------------------------------+ | To leave the slackware-security mailing list: | +------------------------------------------------------------------------+ | Send an email to majordomo@slackware.com with this text in the body of | | the email message: | | | | unsubscribe slackware-security | | | | You will get a confirmation message back containing instructions to | | complete the process. Please do not reply to this email address. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Note: the current version of the following document is available here: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c03517954 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03517954 Version: 1 HPSBOV02822 SSRT100966 rev.1 - HP Secure Web Server (SWS) for OpenVMS, Remote Denial of Service (DoS), Unauthorized Access, Disclosure of Information NOTICE: The information in this Security Bulletin should be acted upon as soon as possible. Release Date: 2012-10-08 Last Updated: 2012-10-08 Potential Security Impact: Remote Denial of Service (DoS), unauthorized access, disclosure of information Source: Hewlett-Packard Company, HP Software Security Response Team VULNERABILITY SUMMARY Potential vulnerabilities have been identified with HP Secure Web Server (SWS) for OpenVMS. The vulnerabilities could be remotely exploited to create a Denial of Service (DoS), unauthorized access, or unauthorized disclosure of information. References: CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3368, CVE-2011-3607, CVE-2011-4317, CVE-2012-0031 SUPPORTED SOFTWARE VERSIONS*: ONLY impacted versions are listed. HP Secure Web Server (SWS) for OpenVMS V2.2 and earlier. BACKGROUND CVSS 2.0 Base Metrics =========================================================== Reference Base Vector Base Score CVE-2011-0419 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-1928 (AV:N/AC:M/Au:N/C:N/I:N/A:P) 4.3 CVE-2011-3192 (AV:N/AC:L/Au:N/C:N/I:N/A:C) 7.8 CVE-2011-3368 (AV:N/AC:L/Au:N/C:P/I:N/A:N) 5.0 CVE-2011-3607 (AV:L/AC:M/Au:N/C:P/I:P/A:P) 4.4 CVE-2011-4317 (AV:N/AC:M/Au:N/C:N/I:P/A:N) 4.3 CVE-2012-0031 (AV:L/AC:L/Au:N/C:P/I:P/A:P) 4.6 =========================================================== Information on CVSS is documented in HP Customer Notice: HPSN-2008-002 RESOLUTION HP has made the following software update available to resolve these vulnerabilities. HP Secure Web Server (SWS) for OpenVMS V2.2 Update 2 is available at http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html for the following platforms: Platform Kit Name OpenVMS Integrity servers HP-I64VMS-CSWS22_UPDATE-V0200--4.PCSI_SFX_I64EXE OpenVMS Alpha servers CPQ-AXPVMS-CSWS22_UPDATE-V0200--4.PCSI_SFX_AXPEXE HISTORY Version:1 (rev.1) - 8 October 2012 Initial release Third Party Security Patches: Third party security patches that are to be installed on systems running HP software products should be applied in accordance with the customer's patch management policy. Support: For issues about implementing the recommendations of this Security Bulletin, contact normal HP Services support channel. For other issues about the content of this Security Bulletin, send e-mail to security-alert@hp.com. Report: To report a potential security vulnerability with any HP supported product, send Email to: security-alert@hp.com Subscribe: To initiate a subscription to receive future HP Security Bulletin alerts via Email: http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins Security Bulletin List: A list of HP Security Bulletins, updated periodically, is contained in HP Security Notice HPSN-2011-001: https://h20566.www2.hp.com/portal/site/hpsc/public/kb/ docDisplay?docId=emr_na-c02964430 Security Bulletin Archive: A list of recently released Security Bulletins is available here: http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secBullArchive/ Software Product Category: The Software Product Category is represented in the title by the two characters following HPSB. 3C = 3COM 3P = 3rd Party Software GN = HP General Software HF = HP Hardware and Firmware MP = MPE/iX MU = Multi-Platform Software NS = NonStop Servers OV = OpenVMS PI = Printing and Imaging PV = ProCurve ST = Storage Software TU = Tru64 UNIX UX = HP-UX Copyright 2012 Hewlett-Packard Development Company, L.P. Hewlett-Packard Company shall not be liable for technical or editorial errors or omissions contained herein. The information provided is provided "as is" without warranty of any kind. To the extent permitted by law, neither HP or its affiliates, subcontractors or suppliers will be liable for incidental,special or consequential damages including downtime cost; lost profits;damages relating to the procurement of substitute products or services; or damages for loss of data, or software restoration. The information in this document is subject to change without notice. Hewlett-Packard Company and the names of Hewlett-Packard products referenced herein are trademarks of Hewlett-Packard Company in the United States and other countries. Other product and company names mentioned herein may be trademarks of their respective owners. ============================================================================ Ubuntu Security Notice USN-1368-1 February 16, 2012 apache2 vulnerabilities ============================================================================ A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 11.10 - Ubuntu 11.04 - Ubuntu 10.10 - Ubuntu 10.04 LTS - Ubuntu 8.04 LTS Summary: Several security issues were fixed in the Apache HTTP Server. An attacker having write access to a .htaccess file may exploit this to possibly execute arbitrary code. (CVE-2011-3607) Prutha Parikh discovered that the mod_proxy module did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. (CVE-2011-4317) Rainer Canavan discovered that the mod_log_config module incorrectly handled a certain format string when used with a threaded MPM. (CVE-2012-0021) It was discovered that the Apache HTTP Server incorrectly handled certain type fields within a scoreboard shared memory segment. A local attacker could exploit this to to cause a denial of service. (CVE-2012-0053) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 11.10: apache2.2-common 2.2.20-1ubuntu1.2 Ubuntu 11.04: apache2.2-common 2.2.17-1ubuntu1.5 Ubuntu 10.10: apache2.2-common 2.2.16-1ubuntu3.5 Ubuntu 10.04 LTS: apache2.2-common 2.2.14-5ubuntu8.8 Ubuntu 8.04 LTS: apache2.2-common 2.2.8-1ubuntu0.23 In general, a standard system update will make all the necessary changes. References: http://www.ubuntu.com/usn/usn-1368-1 CVE-2011-3607, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, CVE-2012-0053 Package Information: https://launchpad.net/ubuntu/+source/apache2/2.2.20-1ubuntu1.2 https://launchpad.net/ubuntu/+source/apache2/2.2.17-1ubuntu1.5 https://launchpad.net/ubuntu/+source/apache2/2.2.16-1ubuntu3.5 https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.8 https://launchpad.net/ubuntu/+source/apache2/2.2.8-1ubuntu0.23

Trust: 2.16

sources: NVD: CVE-2011-4317 // BID: 51869 // BID: 50802 // VULMON: CVE-2011-4317 // PACKETSTORM: 109464 // PACKETSTORM: 107274 // PACKETSTORM: 121573 // PACKETSTORM: 109330 // PACKETSTORM: 109725 // PACKETSTORM: 117251 // PACKETSTORM: 109837

AFFECTED PRODUCTS

vendor:apachemodel:http serverscope:eqversion:2.0.40

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.0.38

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.0.45

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.0.41

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.0.37

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.0.36

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.0.39

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.0.42

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.0.44

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.0.43

Trust: 1.6

vendor:apachemodel:http serverscope:eqversion:2.0.54

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.56

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.59

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.29

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.2

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.9

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.2

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.60

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.6

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.7

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.18

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.55

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.65

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.31

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.10

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.41

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.11

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.6

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.15

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.9

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.38

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.52

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.32

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.63

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.58

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.64

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.3

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.16

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.57

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.27

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.42

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.19

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.32

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.0

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.8

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.10

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.14

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.34

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.8

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.20

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.4

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.1.1

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.12

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.48

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.4

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.39

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.28

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.49

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.34

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.5

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.13

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.15

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.11

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.36

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.35

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.35

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.12

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.1

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.20

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.22

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.26

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.50

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.18

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.9

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.13

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.23

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.16

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.33

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.21

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.47

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.24

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.61

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.14

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.19

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.3

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.28

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.51

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.46

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.17

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.25

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.0.53

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.1

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.37

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:2.2.0

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.68

Trust: 1.0

vendor:apachemodel:http serverscope:eqversion:1.3.30

Trust: 1.0

vendor:hpmodel:system management homepagescope:eqversion:6.2

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.18

Trust: 0.6

vendor:apachemodel:software foundation apache 2.0.62-devscope: - version: -

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2

Trust: 0.6

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.3.0.0

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.58

Trust: 0.6

vendor:apachemodel:software foundation apache -betascope:eqversion:2.0.32

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.54

Trust: 0.6

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.6

vendor:apachemodel:software foundation apache betascope:eqversion:2.0.28

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.42

Trust: 0.6

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.11

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.28

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.38

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.52

Trust: 0.6

vendor:apachemodel:software foundation apache a9scope:eqversion:2.0

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.63

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.36

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:6.1.0-103

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.41

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:6.0.0.95

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:3.0.1.73

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.8

Trust: 0.6

vendor:apachemodel:software foundation apache 2.2.5-devscope: - version: -

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.9

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.15

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.57

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:6.0.0-95

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.9

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.59

Trust: 0.6

vendor:hpmodel:system management homepagescope:neversion:7.0

Trust: 0.6

vendor:apachemodel:software foundation apache 2.0.60-devscope: - version: -

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.49

Trust: 0.6

vendor:apachemodel:software foundation apache 2.0.61-devscope: - version: -

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.50

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:3.0.0-68

Trust: 0.6

vendor:redmodel:hat enterprise linux hpc nodescope:eqversion:6

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.10

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.6

Trust: 0.6

vendor:apachemodel:software foundation apache -betascope:eqversion:2.0.34

Trust: 0.6

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:3.0.2-77

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.5

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.16

Trust: 0.6

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.3.1.0

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:6.1

Trust: 0.6

vendor:redmodel:hat enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.6

vendor:apachemodel:software foundation apache -devscope:eqversion:2.0.56

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.60

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.51

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.12

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:3.0.2.77

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:3.0.1-73

Trust: 0.6

vendor:ibmmodel:storwize unifiedscope:eqversion:v70001.3.0.5

Trust: 0.6

vendor:apachemodel:software foundation apache -betascope:eqversion:2.0.28

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:6.2.27

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.53

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.35

Trust: 0.6

vendor:apachemodel:software foundation apache 2.2.6-devscope: - version: -

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:6.0.96

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.55

Trust: 0.6

vendor:redmodel:hat enterprise linux workstationscope:eqversion:6

Trust: 0.6

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.56

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.37

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.17

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.39

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:6.1.0.103

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.32

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.21

Trust: 0.6

vendor:apachemodel:software foundation apache 2.2.15-devscope: - version: -

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.20

Trust: 0.6

vendor:hpmodel:system management homepage bscope:eqversion:3.0.2.77

Trust: 0.6

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.6

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:6.0

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.3

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.48

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.45

Trust: 0.6

vendor:apachemodel:software foundation apache 2.2.7-devscope: - version: -

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.43

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.47

Trust: 0.6

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:3.0.64

Trust: 0.6

vendor:avayamodel:aura experience portalscope:eqversion:6.0

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.46

Trust: 0.6

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.2

Trust: 0.6

vendor:redmodel:hat enterprise linux serverscope:eqversion:6

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.44

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:6.3

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.40

Trust: 0.6

vendor:redmodel:hat enterprise linux desktop optionalscope:eqversion:6

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:0

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.19

Trust: 0.6

vendor:redmodel:hat enterprise linux desktopscope:eqversion:6

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.1

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.14

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.61

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:6.2.0-12

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.4

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:3.0.68

Trust: 0.6

vendor:apachemodel:software foundation apache 2.0.64-devscope: - version: -

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.0.64

Trust: 0.6

vendor:hpmodel:system management homepagescope:eqversion:6.1.0.102

Trust: 0.6

vendor:apachemodel:software foundation apachescope:eqversion:2.2.13

Trust: 0.6

vendor:avayamodel:aura session manager sp2scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.3

Trust: 0.3

vendor:avayamodel:voice portal sp2scope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0.1

Trust: 0.3

vendor:redmodel:hat enterprise linux desktop clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.1

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.2

Trust: 0.3

vendor:redmodel:hat enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.1

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.1

Trust: 0.3

vendor:avayamodel:aura application enablement servicesscope:eqversion:5.2.1

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:voice portal sp1scope:eqversion:5.1

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.1.2

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:7.0

Trust: 0.3

vendor:avayamodel:aura communication managerscope:eqversion:6.0.1

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop workstation clientscope:eqversion:5

Trust: 0.3

vendor:avayamodel:voice portalscope:eqversion:5.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:5.2

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:8.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:1.0

Trust: 0.3

vendor:avayamodel:aura messagingscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.2

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura communication manager utility servicesscope:eqversion:6.2

Trust: 0.3

vendor:avayamodel:ip office application serverscope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session manager sp1scope:eqversion:6.0

Trust: 0.3

vendor:avayamodel:aura session managerscope:eqversion:6.1.3

Trust: 0.3

vendor:avayamodel:aura session manager sp2scope:eqversion:5.2

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.10

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.0

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.6.8

Trust: 0.3

vendor:oraclemodel:oracle10g application serverscope:eqversion:10.1.3.5.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.2

Trust: 0.3

vendor:mandrakesoftmodel:enterprise serverscope:eqversion:5

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.19

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.11

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.10

Trust: 0.3

vendor:hpmodel:system management homepagescope:eqversion:7.0

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.15

Trust: 0.3

vendor:ubuntumodel:linux lts amd64scope:eqversion:8.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2011

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.10

Trust: 0.3

vendor:ubuntumodel:linux lts powerpcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.04

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.37

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:11.04

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux lts sparcscope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux amd64scope:eqversion:10.10

Trust: 0.3

vendor:ubuntumodel:linux lts i386scope:eqversion:8.04

Trust: 0.3

vendor:junipermodel:networks junosscope:eqversion:11.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.5

Trust: 0.3

vendor:slackwaremodel:linux -currentscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux i386scope:eqversion:11.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.4

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.17

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.10

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:12.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:oraclemodel:fusion middlewarescope:eqversion:11.1.1.5.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.b3.61scope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.10

Trust: 0.3

vendor:oraclemodel:enterprise linuxscope:eqversion:6

Trust: 0.3

vendor:ubuntumodel:linux sparcscope:eqversion:10.04

Trust: 0.3

vendor:mandrivamodel:linux mandrake x86 64scope:eqversion:2010.1

Trust: 0.3

vendor:gentoomodel:linuxscope: - version: -

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:10.04

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.2

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.2

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2011

Trust: 0.3

vendor:ubuntumodel:linux lts lpiascope:eqversion:8.04

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:10.04

Trust: 0.3

vendor:ubuntumodel:linux powerpcscope:eqversion:11.04

Trust: 0.3

vendor:ibmmodel:http serverscope:eqversion:7.0.0.13

Trust: 0.3

vendor:hpmodel:openvms secure web serverscope:eqversion:2.2

Trust: 0.3

vendor:ibmmodel:http serverscope:neversion:7.0.0.21

Trust: 0.3

vendor:ubuntumodel:linux armscope:eqversion:11.04

Trust: 0.3

vendor:oraclemodel:oracle9i application serverscope:eqversion:1.0.2.2

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.3

Trust: 0.3

vendor:mandrakesoftmodel:enterprise server x86 64scope:eqversion:5

Trust: 0.3

vendor:applemodel:mac os serverscope:eqversion:x10.7.3

Trust: 0.3

vendor:xeroxmodel:freeflow print server 73.c0.41scope: - version: -

Trust: 0.3

vendor:oraclemodel:fusion middlewarescope:eqversion:10.1.3.5

Trust: 0.3

vendor:ibmmodel:os/400 v6r1m0scope:eqversion:0

Trust: 0.3

vendor:slackwaremodel:linux x86 64scope:eqversion:13.1

Trust: 0.3

vendor:applemodel:mac osscope:eqversion:x10.7.1

Trust: 0.3

vendor:slackwaremodel:linux x86 64 -currentscope: - version: -

Trust: 0.3

vendor:mandrivamodel:linux mandrakescope:eqversion:2010.1

Trust: 0.3

sources: BID: 51869 // BID: 50802 // CNNVD: CNNVD-201111-435 // NVD: CVE-2011-4317

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2011-4317
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-201111-435
value: MEDIUM

Trust: 0.6

VULMON: CVE-2011-4317
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2011-4317
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:P/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: PARTIAL
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

sources: VULMON: CVE-2011-4317 // CNNVD: CNNVD-201111-435 // NVD: CVE-2011-4317

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.0

sources: NVD: CVE-2011-4317

THREAT TYPE

remote

Trust: 0.7

sources: PACKETSTORM: 109837 // CNNVD: CNNVD-201111-435

TYPE

Design Error

Trust: 0.6

sources: BID: 51869 // BID: 50802

EXPLOIT AVAILABILITY

sources: VULMON: CVE-2011-4317

PATCH

title:Apache HTTP Server mod_proxy Reverse proxy mode security bypass vulnerability Repair measuresurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=145990

Trust: 0.6

title:Red Hat: Moderate: httpd security updateurl:https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories&qid=RHSA-20120128 - Security Advisory

Trust: 0.1

title:Ubuntu Security Notice: apache2 vulnerabilitiesurl:https://vulmon.com/vendoradvisory?qidtp=ubuntu_security_notice&qid=USN-1368-1

Trust: 0.1

title:Oracle: Oracle Critical Patch Update Advisory - January 2015url:https://vulmon.com/vendoradvisory?qidtp=oracle_advisories&qid=4a692d6d60aa31507cb101702b494c51

Trust: 0.1

title:Pentest-Cheetsheeturl:https://github.com/MrFrozenPepe/Pentest-Cheetsheet

Trust: 0.1

title:ReconScanurl:https://github.com/RoliSoft/ReconScan

Trust: 0.1

title:ReconScanurl:https://github.com/GiJ03/ReconScan

Trust: 0.1

title:testurl:https://github.com/issdp/test

Trust: 0.1

title:ReconScanurl:https://github.com/kira1111/ReconScan

Trust: 0.1

title: - url:https://github.com/SecureAxom/strike

Trust: 0.1

title:pigaturl:https://github.com/teamssix/pigat

Trust: 0.1

sources: VULMON: CVE-2011-4317 // CNNVD: CNNVD-201111-435

EXTERNAL IDS

db:NVDid:CVE-2011-4317

Trust: 3.0

db:JUNIPERid:JSA10585

Trust: 1.9

db:SECTRACKid:1026353

Trust: 1.6

db:SECUNIAid:48551

Trust: 1.6

db:CNNVDid:CNNVD-201111-435

Trust: 0.6

db:BIDid:51869

Trust: 0.3

db:JUNIPERid:JSA10658

Trust: 0.3

db:BIDid:50802

Trust: 0.3

db:SECUNIAid:46987

Trust: 0.2

db:VULMONid:CVE-2011-4317

Trust: 0.1

db:PACKETSTORMid:109464

Trust: 0.1

db:PACKETSTORMid:107274

Trust: 0.1

db:PACKETSTORMid:121573

Trust: 0.1

db:PACKETSTORMid:109330

Trust: 0.1

db:PACKETSTORMid:109725

Trust: 0.1

db:PACKETSTORMid:117251

Trust: 0.1

db:PACKETSTORMid:109837

Trust: 0.1

sources: VULMON: CVE-2011-4317 // BID: 51869 // BID: 50802 // PACKETSTORM: 109464 // PACKETSTORM: 107274 // PACKETSTORM: 121573 // PACKETSTORM: 109330 // PACKETSTORM: 109725 // PACKETSTORM: 117251 // PACKETSTORM: 109837 // CNNVD: CNNVD-201111-435 // NVD: CVE-2011-4317

REFERENCES

url:http://thread.gmane.org/gmane.comp.apache.devel/46440

Trust: 2.0

url:http://h20000.www2.hp.com/bizsupport/techsupport/document.jsp?objectid=c03360041

Trust: 1.9

url:http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

Trust: 1.9

url:http://www.mandriva.com/security/advisories?name=mdvsa-2012:003

Trust: 1.6

url:http://www.securitytracker.com/id?1026353

Trust: 1.6

url:http://lists.apple.com/archives/security-announce/2012/sep/msg00004.html

Trust: 1.6

url:http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html

Trust: 1.6

url:http://support.apple.com/kb/ht5501

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=133294460209056&w=2

Trust: 1.6

url:http://rhn.redhat.com/errata/rhsa-2012-0128.html

Trust: 1.6

url:https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue

Trust: 1.6

url:http://marc.info/?l=bugtraq&m=134987041210674&w=2

Trust: 1.6

url:http://secunia.com/advisories/48551

Trust: 1.6

url:http://www.debian.org/security/2012/dsa-2405

Trust: 1.6

url:http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html

Trust: 1.6

url:http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

Trust: 1.6

url:http://www.mandriva.com/security/advisories?name=mdvsa-2013:150

Trust: 1.6

url:https://bugzilla.redhat.com/show_bug.cgi?id=756483

Trust: 1.6

url:http://kb.juniper.net/jsa10585

Trust: 1.6

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3ccvs.httpd.apache.org%3e

Trust: 1.0

url:https://community.qualys.com/blogs/securitylabs/tags/cve-2011-4317

Trust: 0.7

url:http://httpd.apache.org/

Trust: 0.6

url:http://support.avaya.com/css/p8/documents/100157326

Trust: 0.6

url:http://support.avaya.com/css/p8/documents/100158872

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2011-4317

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-0031

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2011-3607

Trust: 0.6

url:httpd.apache.org%3e

Trust: 0.6

url:https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3ccvs.

Trust: 0.6

url:https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729@%3ccvs.

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2012-0053

Trust: 0.5

url:https://nvd.nist.gov/vuln/detail/cve-2011-3368

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2012-0021

Trust: 0.4

url:http://www-01.ibm.com/support/docview.wss?uid=swg27014506

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=swg1pm48384

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=nas2394373277328c954862579cd003c709c

Trust: 0.3

url:http://www.ibm.com/support/docview.wss?uid=nas39578294f523b4b8c862579dd00751bce

Trust: 0.3

url:https://support.avaya.com/css/p8/documents/100155947

Trust: 0.3

url:https://support.avaya.com/css/p8/documents/100155955

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/16aeb-4cd3628b94080/cert_xrx12-009_v1.1.pdf

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10585

Trust: 0.3

url:http://kb.juniper.net/infocenter/index?page=content&id=jsa10658&cat=sirt_1&actp=list

Trust: 0.3

url:http://h20565.www2.hp.com/portal/site/hpsc/public/kb/docdisplay/?docid=emr_na-c03231301&ac.admitted=1332965374461.876444892.492883150

Trust: 0.3

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/docdisplay?docid=emr_na-c03517954&ac.admitted=1349807398574.876444892.199480143

Trust: 0.3

url:http://www-01.ibm.com/support/docview.wss?uid=ssg1s1004302

Trust: 0.3

url:http://www.xerox.com/download/security/security-bulletin/12047-4e4eed8d42ca6/cert_xrx13-007_v1.0.pdf

Trust: 0.3

url:http://h20566.www2.hp.com/portal/site/hpsc/public/kb/secbullarchive/

Trust: 0.2

url:http://h41183.www4.hp.com/signup_alerts.php?jumpid=hpsc_secbulletins

Trust: 0.2

url:https://h20566.www2.hp.com/portal/site/hpsc/public/kb/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2011-3639

Trust: 0.1

url:http://internal-host/$1

Trust: 0.1

url:http://internal-host$1

Trust: 0.1

url:http://www.debian.org/security/faq

Trust: 0.1

url:http://www.debian.org/security/

Trust: 0.1

url:https://ca.secunia.com/?page=viewadvisory&vuln_id=46987

Trust: 0.1

url:http://secunia.com/company/jobs/

Trust: 0.1

url:http://secunia.com/vulnerability_intelligence/

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/corporate/wsus_sccm_3rd_third_party_patching/

Trust: 0.1

url:http://secunia.com/advisories/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/advisories/46987/#comments

Trust: 0.1

url:http://secunia.com/vulnerability_scanning/personal/

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/advisories/46987/

Trust: 0.1

url:http://secunia.com/advisories/about_secunia_advisories/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0036

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2016

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0057

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4078

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1165

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4885

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2834

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1944

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2014

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0830

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4108

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4153

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-1823

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4415

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4577

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4619

Trust: 0.1

url:http://www.hp.com/swpublishing/mtx-ac3d1f80b8dd48b792bfc01a08

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-0027

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2012

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2012-2015

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3379

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-4576

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-2821

Trust: 0.1

url:http://httpd.apache.org/security/vulnerabilities_22.html

Trust: 0.1

url:http://httpd.apache.org/download.cgi

Trust: 0.1

url:http://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x/versioning

Trust: 0.1

url:http://httpd.apache.org/docs/2.2/new_features_2_2.html

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0021

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-4317

Trust: 0.1

url:http://slackware.com

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0031

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3607

Trust: 0.1

url:http://osuosl.org)

Trust: 0.1

url:http://slackware.com/gpg-key

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-3368

Trust: 0.1

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2012-0053

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-0419

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-1928

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2011-3192

Trust: 0.1

url:http://h71000.www7.hp.com/openvms/products/ips/apache/csws_patches.html

Trust: 0.1

url:http://www.ubuntu.com/usn/usn-1368-1

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.2.20-1ubuntu1.2

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.2.16-1ubuntu3.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.2.8-1ubuntu0.23

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.2.17-1ubuntu1.5

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.2.14-5ubuntu8.8

Trust: 0.1

sources: BID: 51869 // BID: 50802 // PACKETSTORM: 109464 // PACKETSTORM: 107274 // PACKETSTORM: 121573 // PACKETSTORM: 109330 // PACKETSTORM: 109725 // PACKETSTORM: 117251 // PACKETSTORM: 109837 // CNNVD: CNNVD-201111-435 // NVD: CVE-2011-4317

CREDITS

Tomas Hoger

Trust: 0.3

sources: BID: 51869

SOURCES

db:VULMONid:CVE-2011-4317
db:BIDid:51869
db:BIDid:50802
db:PACKETSTORMid:109464
db:PACKETSTORMid:107274
db:PACKETSTORMid:121573
db:PACKETSTORMid:109330
db:PACKETSTORMid:109725
db:PACKETSTORMid:117251
db:PACKETSTORMid:109837
db:CNNVDid:CNNVD-201111-435
db:NVDid:CVE-2011-4317

LAST UPDATE DATE

2024-11-21T21:39:43.296000+00:00


SOURCES UPDATE DATE

db:VULMONid:CVE-2011-4317date:2021-06-06T00:00:00
db:BIDid:51869date:2013-03-22T21:46:00
db:BIDid:50802date:2015-04-13T20:23:00
db:CNNVDid:CNNVD-201111-435date:2021-06-07T00:00:00
db:NVDid:CVE-2011-4317date:2023-11-07T02:09:21.023

SOURCES RELEASE DATE

db:VULMONid:CVE-2011-4317date:2011-11-30T00:00:00
db:BIDid:51869date:2012-02-06T00:00:00
db:BIDid:50802date:2011-11-24T00:00:00
db:PACKETSTORMid:109464date:2012-02-07T00:10:33
db:PACKETSTORMid:107274date:2011-11-26T01:19:58
db:PACKETSTORMid:121573date:2013-05-09T14:44:00
db:PACKETSTORMid:109330date:2012-02-02T01:31:45
db:PACKETSTORMid:109725date:2012-02-13T21:12:34
db:PACKETSTORMid:117251date:2012-10-10T02:28:54
db:PACKETSTORMid:109837date:2012-02-17T02:34:31
db:CNNVDid:CNNVD-201111-435date:2011-11-28T00:00:00
db:NVDid:CVE-2011-4317date:2011-11-30T04:05:58.670