Vulnerability CVE-2009-1191


Published: 2009-04-23   Modified: 2012-02-13

Description:
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

Type:

CWE-20

(Improper Input Validation)

Vendor: Apache
Product: Apache http server 
Version: 2.2.11;

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
http://www.securityfocus.com/bid/34663
http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff
http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089
https://issues.apache.org/bugzilla/show_bug.cgi?id=46949
http://xforce.iss.net/xforce/xfdb/50059
http://www.vupen.com/english/advisories/2009/3184
http://www.vupen.com/english/advisories/2009/1147
http://www.ubuntu.com/usn/usn-787-1
http://www.securitytracker.com/id?1022264
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.mandriva.com/security/advisories?name=MDVSA-2009:102
http://support.apple.com/kb/HT3937
http://security.gentoo.org/glsa/glsa-200907-04.xml
http://secunia.com/advisories/35721
http://secunia.com/advisories/35395
http://secunia.com/advisories/34827
http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8261
http://osvdb.org/53921
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Related CVE
CVE-2018-17197
A carefully crafted or corrupt sqlite file can cause an infinite loop in Apache Tika's SQLite3Parser in versions 1.8-1.19.1 of Apache Tika.
CVE-2018-17195
The template upload API endpoint accepted requests from different domain when sent in conjunction with ARP spoofing + man in the middle (MiTM) attack, resulting in a CSRF attack. The required attack vector is complex, requiring a scenario with client...
CVE-2018-17194
When a client request to a cluster node was replicated to other nodes in the cluster for verification, the Content-Length was forwarded. On a DELETE request, the body was ignored, but if the initial request had a Content-Length value other than 0, th...
CVE-2018-17192
The X-Frame-Options headers were applied inconsistently on some HTTP responses, resulting in duplicate or missing security headers. Some browsers would interpret these results incorrectly, allowing clickjacking attacks. Mitigation: The fix to consist...
CVE-2018-17190
In all versions of Apache Spark, its standalone resource manager accepts code to execute on a 'master' host, that then runs that code on 'worker' hosts. The master itself does not, by design, execute user code. A specially-crafted request to the mast...
CVE-2018-8009
Apache Hadoop 3.1.0, 3.0.0-alpha to 3.0.2, 2.9.0 to 2.9.1, 2.8.0 to 2.8.4, 2.0.0-alpha to 2.7.6, 0.23.0 to 0.23.11 is exploitable via the zip slip vulnerability in places that accept a zip file.
CVE-2018-1314
In Apache Hive 2.3.3, 3.1.0 and earlier, Hive "EXPLAIN" operation does not check for necessary authorization of involved entities in a query. An unauthorized user can do "EXPLAIN" on arbitrary table or view and expose table metadata and statistics.
CVE-2018-11777
In Apache Hive 2.3.3, 3.1.0 and earlier, local resources on HiveServer2 machines are not properly protected against malicious user if ranger, sentry or sql standard authorizer is not in use.

Copyright 2019, cxsecurity.com

 

Back to Top