Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-3368

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-05 Oct, 2011 | 22:00
Updated At-06 Aug, 2024 | 23:29
Rejected At-
Credits

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:05 Oct, 2011 | 22:00
Updated At:06 Aug, 2024 | 23:29
Rejected At:
▼CVE Numbering Authority (CNA)

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
mailing-list
x_refsource_MLIST
http://svn.apache.org/viewvc?view=revision&revision=1179239
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=134987041210674&w=2
vendor-advisory
x_refsource_HP
http://www.contextis.com/research/blog/reverseproxybypass/
x_refsource_MISC
http://seclists.org/fulldisclosure/2011/Oct/273
mailing-list
x_refsource_FULLDISC
http://www.redhat.com/support/errata/RHSA-2011-1391.html
vendor-advisory
x_refsource_REDHAT
http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
vendor-advisory
x_refsource_AIXAPAR
http://rhn.redhat.com/errata/RHSA-2012-0543.html
vendor-advisory
x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=134987041210674&w=2
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/46288
third-party-advisory
x_refsource_SECUNIA
http://osvdb.org/76079
vdb-entry
x_refsource_OSVDB
http://www.exploit-db.com/exploits/17969
exploit
x_refsource_EXPLOIT-DB
http://marc.info/?l=bugtraq&m=133294460209056&w=2
vendor-advisory
x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/49957
vdb-entry
x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
vendor-advisory
x_refsource_AIXAPAR
http://marc.info/?l=bugtraq&m=133294460209056&w=2
vendor-advisory
x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2012-0542.html
vendor-advisory
x_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
vendor-advisory
x_refsource_APPLE
http://support.apple.com/kb/HT5501
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
vdb-entry
x_refsource_XF
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=740045
x_refsource_CONFIRM
http://www.securitytracker.com/id?1026144
vdb-entry
x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2011-1392.html
vendor-advisory
x_refsource_REDHAT
http://seclists.org/fulldisclosure/2011/Oct/232
mailing-list
x_refsource_FULLDISC
http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
vendor-advisory
x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
vendor-advisory
x_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
vendor-advisory
x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/46414
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/48551
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2012/dsa-2405
vendor-advisory
x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
vendor-advisory
x_refsource_SUSE
http://kb.juniper.net/JSA10585
x_refsource_CONFIRM
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
Hyperlink: http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1179239
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=bugtraq&m=134987041210674&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.contextis.com/research/blog/reverseproxybypass/
Resource:
x_refsource_MISC
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/273
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1391.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0543.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://marc.info/?l=bugtraq&m=134987041210674&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/46288
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://osvdb.org/76079
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.exploit-db.com/exploits/17969
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://marc.info/?l=bugtraq&m=133294460209056&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/49957
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://marc.info/?l=bugtraq&m=133294460209056&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0542.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://support.apple.com/kb/HT5501
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=740045
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1026144
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1392.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/232
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/46414
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/48551
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2012/dsa-2405
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://kb.juniper.net/JSA10585
Resource:
x_refsource_CONFIRM
Hyperlink: https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
mailing-list
x_refsource_MLIST
x_transferred
http://svn.apache.org/viewvc?view=revision&revision=1179239
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=bugtraq&m=134987041210674&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.contextis.com/research/blog/reverseproxybypass/
x_refsource_MISC
x_transferred
http://seclists.org/fulldisclosure/2011/Oct/273
mailing-list
x_refsource_FULLDISC
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-1391.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0543.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://marc.info/?l=bugtraq&m=134987041210674&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/46288
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://osvdb.org/76079
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.exploit-db.com/exploits/17969
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://marc.info/?l=bugtraq&m=133294460209056&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/49957
vdb-entry
x_refsource_BID
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://marc.info/?l=bugtraq&m=133294460209056&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0542.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://support.apple.com/kb/HT5501
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
vdb-entry
x_refsource_XF
x_transferred
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
x_refsource_CONFIRM
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=740045
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1026144
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-1392.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://seclists.org/fulldisclosure/2011/Oct/232
mailing-list
x_refsource_FULLDISC
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/46414
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/48551
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2012/dsa-2405
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://kb.juniper.net/JSA10585
x_refsource_CONFIRM
x_transferred
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1179239
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134987041210674&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.contextis.com/research/blog/reverseproxybypass/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/273
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1391.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0543.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134987041210674&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/46288
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://osvdb.org/76079
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/17969
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133294460209056&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/49957
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133294460209056&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0542.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://support.apple.com/kb/HT5501
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=740045
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026144
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1392.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/232
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/46414
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/48551
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2012/dsa-2405
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://kb.juniper.net/JSA10585
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:05 Oct, 2011 | 22:55
Updated At:29 Apr, 2026 | 01:13

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

The Apache Software Foundation
apache
>>http_server>>1.3
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.0
cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.1
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.1.1
cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.2
cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.3
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.4
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.5
cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.6
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.7
cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.8
cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.9
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.10
cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.11
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.12
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.13
cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.14
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.15
cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.16
cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.17
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.18
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.19
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.20
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.22
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.23
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.24
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.25
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.26
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.27
cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.28
cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.29
cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.30
cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.31
cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.32
cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.33
cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.34
cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.35
cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.36
cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.37
cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.38
cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.39
cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.41
cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.42
cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.65
cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.68
cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>2.0
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>2.0.9
cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>2.0.28
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>2.0.28
cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>2.0.32
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://kb.juniper.net/JSA10585secalert@redhat.com
N/A
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.htmlsecalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=133294460209056&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=134987041210674&w=2secalert@redhat.com
N/A
http://osvdb.org/76079secalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-0542.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-0543.htmlsecalert@redhat.com
N/A
http://seclists.org/fulldisclosure/2011/Oct/232secalert@redhat.com
N/A
http://seclists.org/fulldisclosure/2011/Oct/273secalert@redhat.com
N/A
http://secunia.com/advisories/46288secalert@redhat.com
N/A
http://secunia.com/advisories/46414secalert@redhat.com
N/A
http://secunia.com/advisories/48551secalert@redhat.com
N/A
http://support.apple.com/kb/HT5501secalert@redhat.com
N/A
http://svn.apache.org/viewvc?view=revision&revision=1179239secalert@redhat.com
Patch
http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQltsecalert@redhat.com
Exploit
Patch
http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42secalert@redhat.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48secalert@redhat.com
N/A
http://www.contextis.com/research/blog/reverseproxybypass/secalert@redhat.com
N/A
http://www.debian.org/security/2012/dsa-2405secalert@redhat.com
N/A
http://www.exploit-db.com/exploits/17969secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:144secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150secalert@redhat.com
N/A
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2011-1391.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2011-1392.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/49957secalert@redhat.com
N/A
http://www.securitytracker.com/id?1026144secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=740045secalert@redhat.com
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/70336secalert@redhat.com
N/A
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
http://kb.juniper.net/JSA10585af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133294460209056&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=134987041210674&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/76079af854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-0542.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-0543.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2011/Oct/232af854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2011/Oct/273af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/46288af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/46414af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48551af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT5501af854a3a-2127-422b-91ae-364da2661108
N/A
http://svn.apache.org/viewvc?view=revision&revision=1179239af854a3a-2127-422b-91ae-364da2661108
Patch
http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQltaf854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.contextis.com/research/blog/reverseproxybypass/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2012/dsa-2405af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.exploit-db.com/exploits/17969af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:144af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2011-1391.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2011-1392.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/49957af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1026144af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=740045af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/70336af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://kb.juniper.net/JSA10585
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133294460209056&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134987041210674&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://osvdb.org/76079
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0542.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0543.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/232
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/273
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/46288
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/46414
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48551
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT5501
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1179239
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.contextis.com/research/blog/reverseproxybypass/
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2012/dsa-2405
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.exploit-db.com/exploits/17969
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1391.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1392.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/49957
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026144
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=740045
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://kb.juniper.net/JSA10585
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133294460209056&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134987041210674&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/76079
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0542.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0543.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/232
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/273
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/46288
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/46414
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48551
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT5501
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1179239
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.contextis.com/research/blog/reverseproxybypass/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2012/dsa-2405
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.exploit-db.com/exploits/17969
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1391.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1392.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/49957
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026144
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=740045
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

646Records found

CVE-2011-1475
Matching Score-10
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-10
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-8.69% / 94.48%
||
7 Day CHG~0.00%
Published-08 Apr, 2011 | 15:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP BIO connector in Apache Tomcat 7.0.x before 7.0.12 does not properly handle HTTP pipelining, which allows remote attackers to read responses intended for other clients in opportunistic circumstances by examining the application data in HTTP packets, related to "a mix-up of responses for requests from different users."

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2010-1587
Matching Score-10
Assigner-MITRE Corporation
ShareView Details
Matching Score-10
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-78.02% / 99.52%
||
7 Day CHG~0.00%
Published-28 Apr, 2010 | 22:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-activemqn/a
CWE ID-CWE-20
Improper Input Validation
CVE-2005-4703
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-25.13% / 97.67%
||
7 Day CHG~0.00%
Published-01 Feb, 2006 | 20:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Tomcat 4.0.3, when running on Windows, allows remote attackers to obtain sensitive information via a request for a file that contains an MS-DOS device name such as lpt9, which leaks the pathname in an error message, as demonstrated by lpt9.xtp using Nikto.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CVE-2016-0783
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-7.10% / 93.46%
||
7 Day CHG~0.00%
Published-11 Apr, 2016 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The sendHashByUser function in Apache OpenMeetings before 3.1.1 generates predictable password reset tokens, which makes it easier for remote attackers to reset arbitrary user passwords by leveraging knowledge of a user name and the current system time.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-openmeetingsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2016-0736
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-49.02% / 98.74%
||
7 Day CHG~0.00%
Published-27 Jul, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache HTTP Server versions 2.4.0 to 2.4.23, mod_session_crypto was encrypting its data/cookie using the configured ciphers with possibly either CBC or ECB modes of operation (AES256-CBC by default), hence no selectable or builtin authenticated encryption. This made it vulnerable to padding oracle attacks, particularly with CBC.

Action-Not Available
Vendor-The Apache Software Foundation
Product-http_serverApache HTTP Server
CVE-2020-9483
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-34.61% / 98.22%
||
7 Day CHG~0.00%
Published-30 Jun, 2020 | 14:28
Updated-04 Aug, 2024 | 10:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

**Resolved** When use H2/MySQL/TiDB as Apache SkyWalking storage, the metadata query through GraphQL protocol, there is a SQL injection vulnerability, which allows to access unpexcted data. Apache SkyWalking 6.0.0 to 6.6.0, 7.0.0 H2/MySQL/TiDB storage implementations don't use the appropriate way to set SQL parameters.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-skywalkingApache SkyWalking
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2004-2680
Matching Score-8
Assigner-Canonical Ltd.
ShareView Details
Matching Score-8
Assigner-Canonical Ltd.
CVSS Score-5||MEDIUM
EPSS-4.26% / 89.87%
||
7 Day CHG~0.00%
Published-04 Mar, 2007 | 23:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly handle when output filters process more than 16384 bytes, which can cause filter.read to return portions of previously freed memory.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-mod_pythonn/a
CVE-2004-0173
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-15.76% / 96.46%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Directory traversal vulnerability in Apache 1.3.29 and earlier, and Apache 2.0.48 and earlier, when running on Cygwin, allows remote attackers to read arbitrary files via a URL containing "..%5C" (dot dot encoded backslash) sequences.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_servern/a
CVE-2017-7683
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.00% / 78.29%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache OpenMeetings 1.0.0 displays Tomcat version and detailed error stack trace, which is not secure.

Action-Not Available
Vendor-The Apache Software Foundation
Product-openmeetingsApache OpenMeetings
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2004-0263
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-3.48% / 87.69%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global variables between virtual hosts that are handled by the same Apache child process but have different settings, which could allow remote attackers to obtain sensitive information.

Action-Not Available
Vendor-n/aThe Apache Software FoundationIBM Corporation
Product-http_servern/a
CVE-2002-1156
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-13.46% / 95.97%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache 2.0.42 allows remote attackers to view the source code of a CGI script via a POST request to a directory with both WebDAV and CGI enabled.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_servern/a
CVE-2003-0042
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-46.03% / 98.66%
||
7 Day CHG~0.00%
Published-29 Jan, 2003 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, allows remote attackers to list directories even with an index.html or other file present, or obtain unprocessed source code for a JSP file, via a URL containing a null character.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CVE-2002-2008
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-7.11% / 93.47%
||
7 Day CHG~0.00%
Published-14 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the web root path via an HTTP request for a resource that does not exist, such as lpt9, which leaks the information in an error message.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CVE-2003-0043
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-4.05% / 89.39%
||
7 Day CHG~0.00%
Published-01 Sep, 2004 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, uses trusted privileges when processing the web.xml file, which could allow remote attackers to read portions of some files through the web.xml file.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CVE-2002-2009
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-7.31% / 93.62%
||
7 Day CHG~0.00%
Published-14 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Tomcat 4.0.1 allows remote attackers to obtain the web root path via HTTP requests for JSP files preceded by (1) +/, (2) >/, (3) </, and (4) %20/, which leaks the pathname in an error message.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CVE-2015-8320
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-4.44% / 90.21%
||
7 Day CHG~0.00%
Published-23 Nov, 2015 | 11:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Cordova-Android before 3.7.0 improperly generates random values for BridgeSecret data, which makes it easier for attackers to conduct bridge hijacking attacks by predicting a value.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-cordovan/a
CVE-2002-2007
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-41.40% / 98.50%
||
7 Day CHG~0.00%
Published-14 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remote attackers to obtain sensitive system information such as directory listings and web root path, via erroneous HTTP requests for Java Server Pages (JSP) in the (1) test/jsp, (2) samples/jsp and (3) examples/jsp directories, or the (4) test/realPath.jsp servlet, which leaks pathnames in error messages.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CVE-2002-2006
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-30.67% / 98.02%
||
7 Day CHG~0.00%
Published-14 Jul, 2005 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 through 3.3.1 allows remote attackers to obtain the installation path and other sensitive system information via the (1) SnoopServlet or (2) TroubleShooter example servlets.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CVE-2015-6524
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-8.47% / 94.35%
||
7 Day CHG~0.00%
Published-24 Aug, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows wildcard operators in usernames, which allows remote attackers to obtain credentials via a brute force attack. NOTE: this identifier was SPLIT from CVE-2014-3612 per ADT2 due to different vulnerability types.

Action-Not Available
Vendor-n/aThe Apache Software FoundationFedora Project
Product-activemqfedoran/a
CVE-2002-0240
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-7.78% / 93.92%
||
7 Day CHG~0.00%
Published-03 May, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

PHP, when installed with Apache and configured to search for index.php as a default web page, allows remote attackers to obtain the full pathname of the server via the HTTP OPTIONS method, which reveals the pathname in the resulting error message.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_servern/a
CVE-2001-0925
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-75.24% / 99.45%
||
7 Day CHG~0.00%
Published-02 Feb, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default installation of Apache before 1.3.19 allows remote attackers to list directories instead of the multiview index.html file via an HTTP request for a path that contains many / (slash) characters, which causes the path to be mishandled by (1) mod_negotiation, (2) mod_dir, or (3) mod_autoindex.

Action-Not Available
Vendor-n/aThe Apache Software FoundationDebian GNU/Linux
Product-debian_linuxhttp_servern/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2001-0590
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.96% / 95.35%
||
7 Day CHG~0.00%
Published-09 Mar, 2002 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Software Foundation Tomcat Servlet prior to 3.2.2 allows a remote attacker to read the source code to arbitrary 'jsp' files via a malformed URL request which does not end with an HTTP protocol specification (i.e. HTTP/1.0).

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CVE-2015-5345
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-18.38% / 96.88%
||
7 Day CHG~0.00%
Published-25 Feb, 2016 | 01:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Mapper component in Apache Tomcat 6.x before 6.0.45, 7.x before 7.0.68, 8.x before 8.0.30, and 9.x before 9.0.0.M2 processes redirects before considering security constraints and Filters, which allows remote attackers to determine the existence of a directory via a URL that lacks a trailing / (slash) character.

Action-Not Available
Vendor-n/aCanonical Ltd.The Apache Software FoundationDebian GNU/Linux
Product-tomcatdebian_linuxubuntu_linuxn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2000-0868
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-44.72% / 98.62%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 allows remote attackers to read source code for CGI scripts by replacing the /cgi-bin/ in the requested URL with /cgi-bin-sdb/.

Action-Not Available
Vendor-n/aThe Apache Software FoundationSUSE
Product-suse_linuxhttp_servern/a
CVE-2000-0913
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-34.58% / 98.22%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod_rewrite in Apache 1.3.12 and earlier allows remote attackers to read arbitrary files if a RewriteRule directive is expanded to include a filename whose name contains a regular expression.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_servern/a
CVE-2000-1204
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-10.51% / 95.21%
||
7 Day CHG~0.00%
Published-31 Aug, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the mod_vhost_alias virtual hosting module for Apache 1.3.9, 1.3.11 and 1.3.12 allows remote attackers to obtain the source code for CGI programs if the cgi-bin directory is under the document root.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_servern/a
CVE-2000-1206
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-5.31% / 91.60%
||
7 Day CHG~0.00%
Published-31 Aug, 2002 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in Apache httpd before 1.3.11, when configured for mass virtual hosting using mod_rewrite, or mod_vhost_alias in Apache 1.3.9, allows remote attackers to retrieve arbitrary files.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-http_servern/a
CVE-2017-3154
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.05% / 78.92%
||
7 Day CHG~0.00%
Published-29 Aug, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Error responses from Apache Atlas versions 0.6.0-incubating and 0.7.0-incubating included stack trace, exposing excessive information.

Action-Not Available
Vendor-The Apache Software Foundation
Product-atlasApache Atlas
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-17572
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-2.99% / 85.65%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 16:10
Updated-05 Aug, 2024 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache RocketMQ 4.2.0 to 4.6.0, when the automatic topic creation in the broker is turned on by default, an evil topic like “../../../../topic2020” is sent from rocketmq-client to the broker, a topic folder will be created in the parent directory in brokers, which leads to a directory traversal vulnerability. Users of the affected versions should apply one of the following: Upgrade to Apache RocketMQ 4.6.1 or later.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-rocketmqApache RocketMQ
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2000-0869
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-50.95% / 98.80%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of Apache 1.3.12 in SuSE Linux 6.4 enables WebDAV, which allows remote attackers to list arbitrary directories via the PROPFIND HTTP request method.

Action-Not Available
Vendor-n/aThe Apache Software FoundationSUSE
Product-suse_linuxhttp_servern/a
CVE-2000-0672
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-9.85% / 94.98%
||
7 Day CHG~0.00%
Published-22 Jan, 2001 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The default configuration of Jakarta Tomcat does not restrict access to the /admin context, which allows remote attackers to read arbitrary files by directly calling the administrative servlets to add a context for the root directory.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CVE-2015-3271
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-6.52% / 92.95%
||
7 Day CHG~0.00%
Published-15 Dec, 2016 | 22:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Tika server (aka tika-server) in Apache Tika 1.9 might allow remote attackers to read arbitrary files via the HTTP fileUrl header.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tikan/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2015-3184
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-10.61% / 95.24%
||
7 Day CHG~0.00%
Published-12 Aug, 2015 | 14:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod_authz_svn in Apache Subversion 1.7.x before 1.7.21 and 1.8.x before 1.8.14, when using Apache httpd 2.4.x, does not properly restrict anonymous access, which allows remote anonymous users to read hidden files via the path name.

Action-Not Available
Vendor-n/aApple Inc.The Apache Software Foundation
Product-xcodesubversionhttp_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-17836
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-2.17% / 80.02%
||
7 Day CHG~0.00%
Published-23 Jan, 2019 | 17:00
Updated-17 Sep, 2024 | 02:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Airflow 1.8.2 and earlier, an experimental Airflow feature displayed authenticated cookies, as well as passwords to databases used by Airflow. An attacker who has limited access to airflow, whether it be via XSS or by leaving a machine unlocked can exfiltrate all credentials from the system.

Action-Not Available
Vendor-The Apache Software Foundation
Product-airflowApache Airflow
CWE ID-CWE-255
Not Available
CVE-2015-3250
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.07% / 91.29%
||
7 Day CHG~0.00%
Published-07 Sep, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Directory LDAP API before 1.0.0-M31 allows attackers to conduct timing attacks via unspecified vectors.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-directory_ldap_apin/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-1999-0678
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-31.41% / 98.06%
||
7 Day CHG~0.00%
Published-22 Mar, 2000 | 05:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A default configuration of Apache on Debian GNU/Linux sets the ServerRoot to /usr/doc, which allows remote users to read documentation files for the entire server.

Action-Not Available
Vendor-n/aThe Apache Software FoundationDebian GNU/Linux
Product-debian_linuxhttp_servern/a
CVE-2022-23942
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-3.14% / 86.31%
||
7 Day CHG~0.00%
Published-26 Apr, 2022 | 16:05
Updated-03 Aug, 2024 | 03:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Doris hardcoded cryptography initialization

Apache Doris, prior to 1.0.0, used a hardcoded key and IV to initialize the cipher used for ldap password, which may lead to information disclosure.

Action-Not Available
Vendor-The Apache Software Foundation
Product-dorisApache Doris(Incubating)
CWE ID-CWE-798
Use of Hard-coded Credentials
CVE-1999-0236
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-25.79% / 97.72%
||
7 Day CHG~0.00%
Published-29 Sep, 1999 | 04:00
Updated-16 Apr, 2026 | 00:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ScriptAlias directory in NCSA and Apache httpd allowed attackers to read CGI programs.

Action-Not Available
Vendor-illinoisn/aThe Apache Software Foundation
Product-http_serverncsa_httpdn/a
CVE-2017-15718
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-3.64% / 88.16%
||
7 Day CHG~0.00%
Published-24 Jan, 2018 | 14:00
Updated-17 Sep, 2024 | 03:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The YARN NodeManager in Apache Hadoop 2.7.3 and 2.7.4 can leak the password for credential store provider used by the NodeManager to YARN Applications.

Action-Not Available
Vendor-The Apache Software Foundation
Product-hadoopApache Hadoop
CVE-2022-22932
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-2.83% / 84.89%
||
7 Day CHG~0.00%
Published-26 Jan, 2022 | 11:10
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Path traversal flaws

Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326

Action-Not Available
Vendor-The Apache Software Foundation
Product-karafApache Karaf
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2022-23223
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-4.31% / 89.95%
||
7 Day CHG~0.00%
Published-25 Jan, 2022 | 13:00
Updated-03 Aug, 2024 | 03:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache ShenYu Password leakage

On Apache ShenYu versions 2.4.0 and 2.4.1, and endpoint existed that disclosed the passwords of all users. Users are recommended to upgrade to version 2.4.2 or later.

Action-Not Available
Vendor-The Apache Software Foundation
Product-shenyuApache ShenYu (incubating)
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2015-0263
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-7.53% / 93.76%
||
7 Day CHG~0.00%
Published-03 Jun, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

XML external entity (XXE) vulnerability in the XML converter setup in converter/jaxp/XmlConverter.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allows remote attackers to read arbitrary files via an external entity in an SAXSource.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-cameln/a
CVE-2014-9635
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-2.72% / 84.23%
||
7 Day CHG~0.00%
Published-12 Sep, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins before 1.586 does not set the HttpOnly flag in a Set-Cookie header for session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to obtain potentially sensitive information via script access to cookies.

Action-Not Available
Vendor-n/aThe Apache Software FoundationJenkins
Product-tomcatjenkinsn/a
CVE-2015-0264
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-7.09% / 93.45%
||
7 Day CHG~0.00%
Published-03 Jun, 2015 | 20:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple XML external entity (XXE) vulnerabilities in builder/xml/XPathBuilder.java in Apache Camel before 2.13.4 and 2.14.x before 2.14.2 allow remote attackers to read arbitrary files via an external entity in an invalid XML (1) String or (2) GenericFile object in an XPath query.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-cameln/a
CVE-2014-9634
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5.3||MEDIUM
EPSS-2.72% / 84.23%
||
7 Day CHG~0.00%
Published-12 Sep, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Jenkins before 1.586 does not set the secure flag on session cookies when run on Tomcat 7.0.41 or later, which makes it easier for remote attackers to capture cookies by intercepting their transmission within an HTTP session.

Action-Not Available
Vendor-n/aThe Apache Software FoundationJenkins
Product-tomcatjenkinsn/a
CVE-2014-8111
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-7.11% / 93.47%
||
7 Day CHG~0.00%
Published-21 Apr, 2015 | 17:00
Updated-06 May, 2026 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Tomcat Connectors (mod_jk) before 1.2.41 ignores JkUnmount rules for subtrees of previous JkMount rules, which allows remote attackers to access otherwise restricted artifacts via unspecified vectors.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcat_connectorsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2014-7808
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.11% / 61.81%
||
7 Day CHG~0.00%
Published-15 Sep, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Wicket before 1.5.13, 6.x before 6.19.0, and 7.x before 7.0.0-M5 make it easier for attackers to defeat a cryptographic protection mechanism and predict encrypted URLs by leveraging use of CryptoMapper as the default encryption provider.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-wicketn/a
CVE-2016-8741
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-6.18% / 92.63%
||
7 Day CHG~0.00%
Published-15 May, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Apache Qpid Broker for Java can be configured to use different so called AuthenticationProviders to handle user authentication. Among the choices are the SCRAM-SHA-1 and SCRAM-SHA-256 AuthenticationProvider types. It was discovered that these AuthenticationProviders in Apache Qpid Broker for Java 6.0.x before 6.0.6 and 6.1.x before 6.1.1 prematurely terminate the SCRAM SASL negotiation if the provided user name does not exist thus allowing remote attacker to determine the existence of user accounts. The Vulnerability does not apply to AuthenticationProviders other than SCRAM-SHA-1 and SCRAM-SHA-256.

Action-Not Available
Vendor-The Apache Software Foundation
Product-qpid_broker-jApache Qpid Broker-J
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2021-45457
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.34% / 81.52%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 12:35
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Overly broad CORS configuration

In Apache Kylin, Cross-origin requests with credentials are allowed to be sent from any origin. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

Action-Not Available
Vendor-The Apache Software Foundation
Product-kylinApache Kylin
CWE ID-CWE-863
Incorrect Authorization
CVE-2021-45458
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.08% / 79.21%
||
7 Day CHG~0.00%
Published-06 Jan, 2022 | 12:35
Updated-04 Aug, 2024 | 04:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Hardcoded credentials

Apache Kylin provides encryption classes PasswordPlaceholderConfigurer to help users encrypt their passwords. In the encryption algorithm used by this encryption class, the cipher is initialized with a hardcoded key and IV. If users use class PasswordPlaceholderConfigurer to encrypt their password and configure it into kylin's configuration file, there is a risk that the password may be decrypted. This issue affects Apache Kylin 2 version 2.6.6 and prior versions; Apache Kylin 3 version 3.1.2 and prior versions; Apache Kylin 4 version 4.0.0 and prior versions.

Action-Not Available
Vendor-The Apache Software Foundation
Product-kylinApache Kylin
CWE ID-CWE-798
Use of Hard-coded Credentials
CWE ID-CWE-330
Use of Insufficiently Random Values
  • Previous
  • 1
  • 2
  • 3
  • ...
  • 12
  • 13
  • Next
Details not found