Vulnerability CVE-2011-3639


Published: 2011-11-29   Modified: 2012-02-13

Description:
The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

Type: CWE-20 (Improper Input Validation)

Vendor: Apache
Product: Http server 
Version:
2.2.9
2.2.8
2.2.6
2.2.4
2.2.3
2.2.2
2.2.17
2.2.16
2.2.15
2.2.14
2.2.13
2.2.12
2.2.11
2.2.10
2.2.1
2.2.0
2.0.63
2.0.61
2.0.59
2.0.58
2.0.57
2.0.56
2.0.55
2.0.54
2.0.53
2.0.52
2.0.51
2.0.50
2.0.49
2.0.48
2.0.47
2.0.46
2.0.45
2.0.44
2.0.43
2.0.42
2.0.41
2.0.40
2.0.39
2.0.38
2.0.37
2.0.36
2.0.35
2.0.34
2.0.33
2.0.32
2.0.31
2.0.30
2.0.29
2.0.28
2.0.27
2.0.26
2.0.25
2.0.24
2.0.23
2.0.22
2.0.21
2.0.20
2.0.19
2.0.18
2.0.17
2.0.16
2.0.15
2.0.14
2.0.13
2.0.12
2.0.11
Product: Http server2.0a3 
Product: Http server2.0a5 
Product: Http server2.0a7 
Product: Http server2.0a2 
Product: Http server2.0a9 
Product: Http server2.0a4 
Product: Http server2.0a6 
Product: Http server2.0a1 
Product: Http server2.0a8 

CVSS2 => (AV:N/AC:M/Au:N/C:N/I:P/A:N)

CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: Not required
Confidentiality impact: None
Integrity impact: Partial
Availability impact: None

References:
http://rhn.redhat.com/errata/RHSA-2012-0128.html
http://svn.apache.org/viewvc?view=revision&revision=1188745
http://www.debian.org/security/2012/dsa-2405
https://bugzilla.redhat.com/show_bug.cgi?id=752080


Copyright 2019, cxsecurity.com