Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2011-3368

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-05 Oct, 2011 | 22:00
Updated At-06 Aug, 2024 | 23:29
Rejected At-
Credits

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:05 Oct, 2011 | 22:00
Updated At:06 Aug, 2024 | 23:29
Rejected At:
â–¼CVE Numbering Authority (CNA)

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
mailing-list
x_refsource_MLIST
http://svn.apache.org/viewvc?view=revision&revision=1179239
x_refsource_CONFIRM
http://marc.info/?l=bugtraq&m=134987041210674&w=2
vendor-advisory
x_refsource_HP
http://www.contextis.com/research/blog/reverseproxybypass/
x_refsource_MISC
http://seclists.org/fulldisclosure/2011/Oct/273
mailing-list
x_refsource_FULLDISC
http://www.redhat.com/support/errata/RHSA-2011-1391.html
vendor-advisory
x_refsource_REDHAT
http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
vendor-advisory
x_refsource_AIXAPAR
http://rhn.redhat.com/errata/RHSA-2012-0543.html
vendor-advisory
x_refsource_REDHAT
http://marc.info/?l=bugtraq&m=134987041210674&w=2
vendor-advisory
x_refsource_HP
http://secunia.com/advisories/46288
third-party-advisory
x_refsource_SECUNIA
http://osvdb.org/76079
vdb-entry
x_refsource_OSVDB
http://www.exploit-db.com/exploits/17969
exploit
x_refsource_EXPLOIT-DB
http://marc.info/?l=bugtraq&m=133294460209056&w=2
vendor-advisory
x_refsource_HP
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
x_refsource_CONFIRM
http://www.securityfocus.com/bid/49957
vdb-entry
x_refsource_BID
http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
vendor-advisory
x_refsource_AIXAPAR
http://marc.info/?l=bugtraq&m=133294460209056&w=2
vendor-advisory
x_refsource_HP
http://rhn.redhat.com/errata/RHSA-2012-0542.html
vendor-advisory
x_refsource_REDHAT
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
vendor-advisory
x_refsource_APPLE
http://support.apple.com/kb/HT5501
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
vdb-entry
x_refsource_XF
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=740045
x_refsource_CONFIRM
http://www.securitytracker.com/id?1026144
vdb-entry
x_refsource_SECTRACK
http://www.redhat.com/support/errata/RHSA-2011-1392.html
vendor-advisory
x_refsource_REDHAT
http://seclists.org/fulldisclosure/2011/Oct/232
mailing-list
x_refsource_FULLDISC
http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
vendor-advisory
x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
vendor-advisory
x_refsource_MANDRIVA
http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
vendor-advisory
x_refsource_SUSE
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/46414
third-party-advisory
x_refsource_SECUNIA
http://secunia.com/advisories/48551
third-party-advisory
x_refsource_SECUNIA
http://www.debian.org/security/2012/dsa-2405
vendor-advisory
x_refsource_DEBIAN
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
vendor-advisory
x_refsource_SUSE
http://kb.juniper.net/JSA10585
x_refsource_CONFIRM
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
Hyperlink: http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1179239
Resource:
x_refsource_CONFIRM
Hyperlink: http://marc.info/?l=bugtraq&m=134987041210674&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.contextis.com/research/blog/reverseproxybypass/
Resource:
x_refsource_MISC
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/273
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1391.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0543.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://marc.info/?l=bugtraq&m=134987041210674&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://secunia.com/advisories/46288
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://osvdb.org/76079
Resource:
vdb-entry
x_refsource_OSVDB
Hyperlink: http://www.exploit-db.com/exploits/17969
Resource:
exploit
x_refsource_EXPLOIT-DB
Hyperlink: http://marc.info/?l=bugtraq&m=133294460209056&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securityfocus.com/bid/49957
Resource:
vdb-entry
x_refsource_BID
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
Resource:
vendor-advisory
x_refsource_AIXAPAR
Hyperlink: http://marc.info/?l=bugtraq&m=133294460209056&w=2
Resource:
vendor-advisory
x_refsource_HP
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0542.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
Hyperlink: http://support.apple.com/kb/HT5501
Resource:
x_refsource_CONFIRM
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
Resource:
vdb-entry
x_refsource_XF
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
Resource:
x_refsource_CONFIRM
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=740045
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.securitytracker.com/id?1026144
Resource:
vdb-entry
x_refsource_SECTRACK
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1392.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/232
Resource:
mailing-list
x_refsource_FULLDISC
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/46414
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://secunia.com/advisories/48551
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.debian.org/security/2012/dsa-2405
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
Resource:
vendor-advisory
x_refsource_SUSE
Hyperlink: http://kb.juniper.net/JSA10585
Resource:
x_refsource_CONFIRM
Hyperlink: https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
â–¼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
mailing-list
x_refsource_MLIST
x_transferred
http://svn.apache.org/viewvc?view=revision&revision=1179239
x_refsource_CONFIRM
x_transferred
http://marc.info/?l=bugtraq&m=134987041210674&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.contextis.com/research/blog/reverseproxybypass/
x_refsource_MISC
x_transferred
http://seclists.org/fulldisclosure/2011/Oct/273
mailing-list
x_refsource_FULLDISC
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-1391.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0543.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://marc.info/?l=bugtraq&m=134987041210674&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://secunia.com/advisories/46288
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://osvdb.org/76079
vdb-entry
x_refsource_OSVDB
x_transferred
http://www.exploit-db.com/exploits/17969
exploit
x_refsource_EXPLOIT-DB
x_transferred
http://marc.info/?l=bugtraq&m=133294460209056&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
x_refsource_CONFIRM
x_transferred
http://www.securityfocus.com/bid/49957
vdb-entry
x_refsource_BID
x_transferred
http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
vendor-advisory
x_refsource_AIXAPAR
x_transferred
http://marc.info/?l=bugtraq&m=133294460209056&w=2
vendor-advisory
x_refsource_HP
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0542.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
vendor-advisory
x_refsource_APPLE
x_transferred
http://support.apple.com/kb/HT5501
x_refsource_CONFIRM
x_transferred
https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
vdb-entry
x_refsource_XF
x_transferred
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
x_refsource_CONFIRM
x_transferred
https://bugzilla.redhat.com/show_bug.cgi?id=740045
x_refsource_CONFIRM
x_transferred
http://www.securitytracker.com/id?1026144
vdb-entry
x_refsource_SECTRACK
x_transferred
http://www.redhat.com/support/errata/RHSA-2011-1392.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://seclists.org/fulldisclosure/2011/Oct/232
mailing-list
x_refsource_FULLDISC
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/46414
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://secunia.com/advisories/48551
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.debian.org/security/2012/dsa-2405
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
vendor-advisory
x_refsource_SUSE
x_transferred
http://kb.juniper.net/JSA10585
x_refsource_CONFIRM
x_transferred
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1179239
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134987041210674&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.contextis.com/research/blog/reverseproxybypass/
Resource:
x_refsource_MISC
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/273
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1391.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0543.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=134987041210674&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://secunia.com/advisories/46288
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://osvdb.org/76079
Resource:
vdb-entry
x_refsource_OSVDB
x_transferred
Hyperlink: http://www.exploit-db.com/exploits/17969
Resource:
exploit
x_refsource_EXPLOIT-DB
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133294460209056&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securityfocus.com/bid/49957
Resource:
vdb-entry
x_refsource_BID
x_transferred
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
Resource:
vendor-advisory
x_refsource_AIXAPAR
x_transferred
Hyperlink: http://marc.info/?l=bugtraq&m=133294460209056&w=2
Resource:
vendor-advisory
x_refsource_HP
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0542.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Resource:
vendor-advisory
x_refsource_APPLE
x_transferred
Hyperlink: http://support.apple.com/kb/HT5501
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
Resource:
vdb-entry
x_refsource_XF
x_transferred
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=740045
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.securitytracker.com/id?1026144
Resource:
vdb-entry
x_refsource_SECTRACK
x_transferred
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1392.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/232
Resource:
mailing-list
x_refsource_FULLDISC
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/46414
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://secunia.com/advisories/48551
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.debian.org/security/2012/dsa-2405
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://kb.juniper.net/JSA10585
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Resource:
mailing-list
x_refsource_MLIST
x_transferred
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:05 Oct, 2011 | 22:55
Updated At:29 Apr, 2026 | 01:13

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.05.0MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
Type: Primary
Version: 2.0
Base score: 5.0
Base severity: MEDIUM
Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N
CPE Matches

The Apache Software Foundation
apache
>>http_server>>1.3
cpe:2.3:a:apache:http_server:1.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.0
cpe:2.3:a:apache:http_server:1.3.0:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.1
cpe:2.3:a:apache:http_server:1.3.1:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.1.1
cpe:2.3:a:apache:http_server:1.3.1.1:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.2
cpe:2.3:a:apache:http_server:1.3.2:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.3
cpe:2.3:a:apache:http_server:1.3.3:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.4
cpe:2.3:a:apache:http_server:1.3.4:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.5
cpe:2.3:a:apache:http_server:1.3.5:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.6
cpe:2.3:a:apache:http_server:1.3.6:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.7
cpe:2.3:a:apache:http_server:1.3.7:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.8
cpe:2.3:a:apache:http_server:1.3.8:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.9
cpe:2.3:a:apache:http_server:1.3.9:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.10
cpe:2.3:a:apache:http_server:1.3.10:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.11
cpe:2.3:a:apache:http_server:1.3.11:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.12
cpe:2.3:a:apache:http_server:1.3.12:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.13
cpe:2.3:a:apache:http_server:1.3.13:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.14
cpe:2.3:a:apache:http_server:1.3.14:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.15
cpe:2.3:a:apache:http_server:1.3.15:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.16
cpe:2.3:a:apache:http_server:1.3.16:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.17
cpe:2.3:a:apache:http_server:1.3.17:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.18
cpe:2.3:a:apache:http_server:1.3.18:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.19
cpe:2.3:a:apache:http_server:1.3.19:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.20
cpe:2.3:a:apache:http_server:1.3.20:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.22
cpe:2.3:a:apache:http_server:1.3.22:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.23
cpe:2.3:a:apache:http_server:1.3.23:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.24
cpe:2.3:a:apache:http_server:1.3.24:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.25
cpe:2.3:a:apache:http_server:1.3.25:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.26
cpe:2.3:a:apache:http_server:1.3.26:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.27
cpe:2.3:a:apache:http_server:1.3.27:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.28
cpe:2.3:a:apache:http_server:1.3.28:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.29
cpe:2.3:a:apache:http_server:1.3.29:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.30
cpe:2.3:a:apache:http_server:1.3.30:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.31
cpe:2.3:a:apache:http_server:1.3.31:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.32
cpe:2.3:a:apache:http_server:1.3.32:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.33
cpe:2.3:a:apache:http_server:1.3.33:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.34
cpe:2.3:a:apache:http_server:1.3.34:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.35
cpe:2.3:a:apache:http_server:1.3.35:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.36
cpe:2.3:a:apache:http_server:1.3.36:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.37
cpe:2.3:a:apache:http_server:1.3.37:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.38
cpe:2.3:a:apache:http_server:1.3.38:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.39
cpe:2.3:a:apache:http_server:1.3.39:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.41
cpe:2.3:a:apache:http_server:1.3.41:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.42
cpe:2.3:a:apache:http_server:1.3.42:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.65
cpe:2.3:a:apache:http_server:1.3.65:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>1.3.68
cpe:2.3:a:apache:http_server:1.3.68:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>2.0
cpe:2.3:a:apache:http_server:2.0:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>2.0.9
cpe:2.3:a:apache:http_server:2.0.9:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>2.0.28
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>2.0.28
cpe:2.3:a:apache:http_server:2.0.28:beta:*:*:*:*:*:*
The Apache Software Foundation
apache
>>http_server>>2.0.32
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-20Primarynvd@nist.gov
CWE ID: CWE-20
Type: Primary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
http://kb.juniper.net/JSA10585secalert@redhat.com
N/A
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.htmlsecalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.htmlsecalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=133294460209056&w=2secalert@redhat.com
N/A
http://marc.info/?l=bugtraq&m=134987041210674&w=2secalert@redhat.com
N/A
http://osvdb.org/76079secalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-0542.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-0543.htmlsecalert@redhat.com
N/A
http://seclists.org/fulldisclosure/2011/Oct/232secalert@redhat.com
N/A
http://seclists.org/fulldisclosure/2011/Oct/273secalert@redhat.com
N/A
http://secunia.com/advisories/46288secalert@redhat.com
N/A
http://secunia.com/advisories/46414secalert@redhat.com
N/A
http://secunia.com/advisories/48551secalert@redhat.com
N/A
http://support.apple.com/kb/HT5501secalert@redhat.com
N/A
http://svn.apache.org/viewvc?view=revision&revision=1179239secalert@redhat.com
Patch
http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQltsecalert@redhat.com
Exploit
Patch
http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42secalert@redhat.com
N/A
http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48secalert@redhat.com
N/A
http://www.contextis.com/research/blog/reverseproxybypass/secalert@redhat.com
N/A
http://www.debian.org/security/2012/dsa-2405secalert@redhat.com
N/A
http://www.exploit-db.com/exploits/17969secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:144secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150secalert@redhat.com
N/A
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlsecalert@redhat.com
N/A
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2011-1391.htmlsecalert@redhat.com
N/A
http://www.redhat.com/support/errata/RHSA-2011-1392.htmlsecalert@redhat.com
N/A
http://www.securityfocus.com/bid/49957secalert@redhat.com
N/A
http://www.securitytracker.com/id?1026144secalert@redhat.com
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=740045secalert@redhat.com
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/70336secalert@redhat.com
N/A
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Esecalert@redhat.com
N/A
http://kb.juniper.net/JSA10585af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=133294460209056&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://marc.info/?l=bugtraq&m=134987041210674&w=2af854a3a-2127-422b-91ae-364da2661108
N/A
http://osvdb.org/76079af854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-0542.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-0543.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2011/Oct/232af854a3a-2127-422b-91ae-364da2661108
N/A
http://seclists.org/fulldisclosure/2011/Oct/273af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/46288af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/46414af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/48551af854a3a-2127-422b-91ae-364da2661108
N/A
http://support.apple.com/kb/HT5501af854a3a-2127-422b-91ae-364da2661108
N/A
http://svn.apache.org/viewvc?view=revision&revision=1179239af854a3a-2127-422b-91ae-364da2661108
Patch
http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQltaf854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42af854a3a-2127-422b-91ae-364da2661108
N/A
http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.contextis.com/research/blog/reverseproxybypass/af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2012/dsa-2405af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.exploit-db.com/exploits/17969af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2011:144af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2011-1391.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.redhat.com/support/errata/RHSA-2011-1392.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securityfocus.com/bid/49957af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.securitytracker.com/id?1026144af854a3a-2127-422b-91ae-364da2661108
N/A
https://bugzilla.redhat.com/show_bug.cgi?id=740045af854a3a-2127-422b-91ae-364da2661108
Exploit
Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/70336af854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3Eaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://kb.juniper.net/JSA10585
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133294460209056&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134987041210674&w=2
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://osvdb.org/76079
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0542.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0543.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/232
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/273
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/46288
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/46414
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/48551
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT5501
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1179239
Source: secalert@redhat.com
Resource:
Patch
Hyperlink: http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.contextis.com/research/blog/reverseproxybypass/
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2012/dsa-2405
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.exploit-db.com/exploits/17969
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1391.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1392.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/49957
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026144
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=740045
Source: secalert@redhat.com
Resource:
Exploit
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://kb.juniper.net/JSA10585
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=133294460209056&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://marc.info/?l=bugtraq&m=134987041210674&w=2
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://osvdb.org/76079
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0542.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0543.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/232
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://seclists.org/fulldisclosure/2011/Oct/273
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/46288
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/46414
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/48551
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://support.apple.com/kb/HT5501
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://svn.apache.org/viewvc?view=revision&revision=1179239
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Patch
Hyperlink: http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.contextis.com/research/blog/reverseproxybypass/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2012/dsa-2405
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.exploit-db.com/exploits/17969
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1391.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.redhat.com/support/errata/RHSA-2011-1392.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securityfocus.com/bid/49957
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.securitytracker.com/id?1026144
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://bugzilla.redhat.com/show_bug.cgi?id=740045
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Exploit
Patch
Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

646Records found

CVE-2013-2055
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-3.19% / 86.52%
||
7 Day CHG~0.00%
Published-10 Feb, 2014 | 23:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templates to be rendered without being processed and reading the information that is outside of wicket:panel markup.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-wicketn/a
CVE-2020-17527
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-24.62% / 97.62%
||
7 Day CHG~0.00%
Published-03 Dec, 2020 | 18:30
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Tomcat: Request header mix-up between HTTP/2 streams

While investigating bug 64830 it was discovered that Apache Tomcat 10.0.0-M1 to 10.0.0-M9, 9.0.0-M1 to 9.0.39 and 8.5.0 to 8.5.59 could re-use an HTTP request header value from the previous stream received on an HTTP/2 connection for the request associated with the subsequent stream. While this would most likely lead to an error and the closure of the HTTP/2 connection, it is possible that information could leak between requests.

Action-Not Available
Vendor-Oracle CorporationNetApp, Inc.Debian GNU/LinuxThe Apache Software Foundation
Product-debian_linuxelement_plug-inblockchain_platformsd-wan_edgemysql_enterprise_monitorinstantis_enterprisetrackoncommand_system_managercommunications_cloud_native_core_binding_support_functiontomcatcommunications_instant_messaging_servercommunications_cloud_native_core_policyworkload_managerApache Tomcat
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2020-17519
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.1||CRITICAL
EPSS-97.86% / 99.90%
||
7 Day CHG~0.00%
Published-05 Jan, 2021 | 11:40
Updated-27 Oct, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2024-06-13||Apply mitigations per vendor instructions or discontinue use of the product if mitigations are unavailable.
Apache Flink directory traversal attack: reading remote files through the REST API

A change introduced in Apache Flink 1.11.0 (and released in 1.11.1 and 1.11.2 as well) allows attackers to read any file on the local filesystem of the JobManager through the REST interface of the JobManager process. Access is restricted to files accessible by the JobManager process. All users should upgrade to Flink 1.11.3 or 1.12.0 if their Flink instance(s) are exposed. The issue was fixed in commit b561010b0ee741543c3953306037f00d7a9f0801 from apache/flink:master.

Action-Not Available
Vendor-The Apache Software Foundation
Product-flinkApache FlinkflinkFlink
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2020-17517
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.27% / 80.88%
||
7 Day CHG~0.00%
Published-27 Apr, 2021 | 08:22
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ozone S3 Gateway allows bucket and key access to non authenticated users

The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereby exposing data to anonymous clients or users. This affected Apache Ozone prior to the 1.1.0 release.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ozoneApache Ozone
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-17508
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.02% / 78.57%
||
7 Day CHG~0.00%
Published-11 Jan, 2021 | 09:40
Updated-04 Aug, 2024 | 14:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The ATS ESI plugin has a memory disclosure vulnerability. If you are running the plugin please upgrade. Apache Traffic Server versions 7.0.0 to 7.1.11 and 8.0.0 to 8.1.0 are affected.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-traffic_serverApache Traffic Server
CVE-2020-13937
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-78.81% / 99.54%
||
7 Day CHG~0.00%
Published-19 Oct, 2020 | 20:33
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Kylin 2.0.0, 2.1.0, 2.2.0, 2.3.0, 2.3.1, 2.3.2, 2.4.0, 2.4.1, 2.5.0, 2.5.1, 2.5.2, 2.6.0, 2.6.1, 2.6.2, 2.6.3, 2.6.4, 2.6.5, 2.6.6, 3.0.0-alpha, 3.0.0-alpha2, 3.0.0-beta, 3.0.0, 3.0.1, 3.0.2, 3.1.0, 4.0.0-alpha has one restful api which exposed Kylin's configuration information without any authentication, so it is dangerous because some confidential information entries will be disclosed to everyone.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-kylinApache Kylin
CWE ID-CWE-922
Insecure Storage of Sensitive Information
CVE-2020-13924
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-4.04% / 89.37%
||
7 Day CHG~0.00%
Published-17 Mar, 2021 | 09:05
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Ambari versions 2.6.2.2 and earlier, malicious users can construct file names for directory traversal and traverse to other directories to download files.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ambariApache Ambari
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-13933
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-48.02% / 98.71%
||
7 Day CHG~0.00%
Published-17 Aug, 2020 | 20:19
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Shiro before 1.6.0, when using Apache Shiro, a specially crafted HTTP request may cause an authentication bypass.

Action-Not Available
Vendor-n/aThe Apache Software FoundationDebian GNU/Linux
Product-shirodebian_linuxApache Shiro
CVE-2020-13953
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-2.65% / 83.78%
||
7 Day CHG~0.00%
Published-30 Sep, 2020 | 16:51
Updated-04 Aug, 2024 | 12:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Tapestry from 5.4.0 to 5.5.0, crafting specific URLs, an attacker can download files inside the WEB-INF folder of the WAR being run.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tapestryApache Tapestry
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2010-3863
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-54.80% / 98.90%
||
7 Day CHG~0.00%
Published-05 Nov, 2010 | 16:28
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Shiro before 1.1.0, and JSecurity 0.9.x, does not canonicalize URI paths before comparing them to entries in the shiro.ini file, which allows remote attackers to bypass intended access restrictions via a crafted request, as demonstrated by the /./account/index.jsp URI.

Action-Not Available
Vendor-jsecurityn/aThe Apache Software Foundation
Product-shirojsecurityn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2020-11991
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-73.08% / 99.39%
||
7 Day CHG~0.00%
Published-11 Sep, 2020 | 13:28
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using the StreamGenerator, the code parse a user-provided XML. A specially crafted XML, including external system entities, could be used to access any file on the server system.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-cocoonApache Cocoon
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2020-11971
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-14.33% / 96.17%
||
7 Day CHG~0.00%
Published-14 May, 2020 | 16:18
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Camel's JMX is vulnerable to Rebind Flaw. Apache Camel 2.22.x, 2.23.x, 2.24.x, 2.25.x, 3.0.0 up to 3.1.0 is affected. Users should upgrade to 3.2.0.

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-communications_diameter_signaling_routercommunications_diameter_intelligence_hubcamelflexcube_private_bankingenterprise_manager_base_platformApache Camel
CVE-2020-11994
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-4.49% / 90.32%
||
7 Day CHG~0.00%
Published-08 Jul, 2020 | 15:13
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Server-Side Template Injection and arbitrary file disclosure on Camel templating components

Action-Not Available
Vendor-n/aThe Apache Software FoundationOracle Corporation
Product-communications_diameter_signaling_routercamelenterprise_manager_base_platformenterprise_repositoryApache Camel
CWE ID-CWE-74
Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
CVE-2020-11976
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-3.76% / 88.57%
||
7 Day CHG~0.00%
Published-11 Aug, 2020 | 18:15
Updated-04 Aug, 2024 | 11:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

By crafting a special URL it is possible to make Wicket deliver unprocessed HTML templates. This would allow an attacker to see possibly sensitive information inside a HTML template that is usually removed during rendering. Affected are Apache Wicket versions 7.16.0, 8.8.0 and 9.0.0-M5

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-fortresswicketApache Wicket
CWE ID-CWE-552
Files or Directories Accessible to External Parties
CVE-2010-2791
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-8.28% / 94.24%
||
7 Day CHG~0.00%
Published-05 Aug, 2010 | 18:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

mod_proxy in httpd in Apache HTTP Server 2.2.9, when running on Unix, does not close the backend connection if a timeout occurs when reading a response from a persistent connection, which allows remote attackers to obtain a potentially sensitive response intended for a different client in opportunistic circumstances via a normal HTTP request. NOTE: this is the same issue as CVE-2010-2068, but for a different OS and set of affected versions.

Action-Not Available
Vendor-unixn/aThe Apache Software Foundation
Product-unixhttp_servern/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2012-3353
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-3.14% / 86.33%
||
7 Day CHG~0.00%
Published-08 Jan, 2018 | 21:00
Updated-16 Sep, 2024 | 23:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Apache Sling JCR ContentLoader 2.1.4 XmlReader used in the Sling JCR content loader module makes it possible to import arbitrary files in the content repository, including local files, causing potential information leaks. Users should upgrade to version 2.1.6 of the JCR ContentLoader

Action-Not Available
Vendor-The Apache Software Foundation
Product-sling_jcr_contentloaderApache Sling
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-12426
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-4.89% / 91.01%
||
7 Day CHG~0.00%
Published-06 Feb, 2020 | 16:47
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

an unauthenticated user could get access to information of some backend screens by invoking setSessionLocale in Apache OFBiz 16.11.01 to 16.11.06

Action-Not Available
Vendor-The Apache Software Foundation
Product-ofbizApache OFBiz
CVE-2019-12414
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-2.71% / 84.15%
||
7 Day CHG~0.00%
Published-16 Dec, 2019 | 21:52
Updated-04 Aug, 2024 | 23:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Incubator Superset before 0.32, a user can view database names that he has no access to on a dropdown list in SQLLab

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-supersetApache Incubator Superset
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0202
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.04% / 78.81%
||
7 Day CHG~0.00%
Published-25 Jul, 2019 | 23:17
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The Apache Storm Logviewer daemon exposes HTTP-accessible endpoints to read/search log files on hosts running Storm. In Apache Storm versions 0.9.1-incubating to 1.2.2, it is possible to read files off the host's file system that were not intended to be accessible via these endpoints.

Action-Not Available
Vendor-The Apache Software Foundation
Product-stormStorm
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-532
Insertion of Sensitive Information into Log File
CVE-2019-0231
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.20% / 80.35%
||
7 Day CHG~0.00%
Published-01 Oct, 2019 | 19:39
Updated-13 Feb, 2025 | 16:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache MINA SSLFilter security Issue

Handling of the close_notify SSL/TLS message does not lead to a connection closure, leading the server to retain the socket opened and to have the client potentially receive clear text messages afterward. Mitigation: 2.0.20 users should migrate to 2.0.21, 2.1.0 users should migrate to 2.1.1. This issue affects: Apache MINA.

Action-Not Available
Vendor-The Apache Software Foundation
Product-minaApache MINA
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2019-0188
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-8.46% / 94.35%
||
7 Day CHG~0.00%
Published-28 May, 2019 | 18:10
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Camel prior to 2.24.0 contains an XML external entity injection (XXE) vulnerability (CWE-611) due to using an outdated vulnerable JSON-lib library. This affects only the camel-xmljson component, which was removed.

Action-Not Available
Vendor-The Apache Software FoundationOracle Corporation
Product-enterprise_repositorycamelflexcube_private_bankingenterprise_data_qualityenterprise_manager_base_platformApache Camel
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2019-0207
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-3.09% / 86.13%
||
7 Day CHG~0.00%
Published-16 Sep, 2019 | 16:36
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Tapestry processes assets `/assets/ctx` using classes chain `StaticFilesFilter -> AssetDispatcher -> ContextResource`, which doesn't filter the character `\`, so attacker can perform a path traversal attack to read any files on Windows platform.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tapestryApache Tapestry
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2019-10083
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-2.75% / 84.41%
||
7 Day CHG~0.00%
Published-19 Nov, 2019 | 21:34
Updated-04 Aug, 2024 | 22:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-nifiApache NiFi
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2019-0220
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-17.86% / 96.81%
||
7 Day CHG~0.00%
Published-11 Jun, 2019 | 20:49
Updated-04 Aug, 2024 | 17:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A vulnerability was found in Apache HTTP Server 2.4.0 to 2.4.38. When the path component of a request URL contains multiple consecutive slashes ('/'), directives such as LocationMatch and RewriteRule must account for duplicates in regular expressions while other aspects of the servers processing will implicitly collapse them.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software FoundationopenSUSEFedora ProjectDebian GNU/Linux
Product-http_serverubuntu_linuxdebian_linuxfedoraleapApache HTTP Server
CWE ID-CWE-706
Use of Incorrectly-Resolved Name or Reference
CVE-2011-5062
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-7.63% / 93.83%
||
7 Day CHG~0.00%
Published-14 Jan, 2012 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.12 does not check qop values, which might allow remote attackers to bypass intended integrity-protection requirements via a qop=auth value, a different vulnerability than CVE-2011-1184.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CVE-2018-8003
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-4.46% / 90.26%
||
7 Day CHG~0.00%
Published-03 May, 2018 | 23:00
Updated-16 Sep, 2024 | 17:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Ambari, versions 1.4.0 to 2.6.1, is susceptible to a directory traversal attack allowing an unauthenticated user to craft an HTTP request which provides read-only access to any file on the filesystem of the host the Ambari Server runs on that is accessible by the user the Ambari Server is running as. Direct network access to the Ambari Server is required to issue this request, and those Ambari Servers that are protected behind a firewall, or in a restricted network zone are at less risk of being affected by this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ambariApache Ambari
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2018-8034
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-21.30% / 97.29%
||
7 Day CHG~0.00%
Published-01 Aug, 2018 | 18:00
Updated-21 Oct, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The host name verification when using TLS with the WebSocket client was missing. It is now enabled by default. Versions Affected: Apache Tomcat 9.0.0.M1 to 9.0.9, 8.5.0 to 8.5.31, 8.0.0.RC1 to 8.0.52, and 7.0.35 to 7.0.88.

Action-Not Available
Vendor-Canonical Ltd.The Apache Software FoundationDebian GNU/LinuxOracle Corporation
Product-retail_order_brokerubuntu_linuxdebian_linuxtomcatApache Tomcat
CWE ID-CWE-295
Improper Certificate Validation
CVE-2018-8041
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-9.85% / 94.98%
||
7 Day CHG~0.00%
Published-17 Sep, 2018 | 14:00
Updated-17 Sep, 2024 | 04:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.

Action-Not Available
Vendor-The Apache Software Foundation
Product-camelApache Camel
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2011-4343
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-5.33% / 91.62%
||
7 Day CHG~0.00%
Published-08 Aug, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Information disclosure vulnerability in Apache MyFaces Core 2.0.1 through 2.0.10 and 2.1.0 through 2.1.4 allows remote attackers to inject EL expressions via crafted parameters.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-myfacesn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-20243
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.64% / 83.72%
||
7 Day CHG~0.00%
Published-13 Oct, 2020 | 18:23
Updated-05 Aug, 2024 | 11:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The implementation of POST with the username and password in the URL parameters exposed the credentials. More infomration is available in fineract jira issues 726 and 629.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-fineractApache Fineract
CWE ID-CWE-522
Insufficiently Protected Credentials
CVE-2011-3600
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-15.91% / 96.49%
||
7 Day CHG~0.00%
Published-26 Nov, 2019 | 00:07
Updated-06 Aug, 2024 | 23:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The /webtools/control/xmlrpc endpoint in OFBiz XML-RPC event handler is exposed to External Entity Injection by passing DOCTYPE declarations with executable payloads that discloses the contents of files in the filesystem. In addition, it can also be used to probe for open network ports, and figure out from returned error messages whether a file exists or not. This affects OFBiz 16.11.01 to 16.11.04.

Action-Not Available
Vendor-OFBizThe Apache Software Foundation
Product-ofbizOFBiz
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1308
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-20.94% / 97.25%
||
7 Day CHG~0.00%
Published-09 Apr, 2018 | 13:00
Updated-17 Sep, 2024 | 02:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

This vulnerability in Apache Solr 1.2 to 6.6.2 and 7.0.0 to 7.2.1 relates to an XML external entity expansion (XXE) in the `&dataConfig=<inlinexml>` parameter of Solr's DataImportHandler. It can be used as XXE using file/ftp/http protocols in order to read arbitrary local files from the Solr server or the internal network.

Action-Not Available
Vendor-The Apache Software FoundationDebian GNU/Linux
Product-debian_linuxsolrApache Solr
CWE ID-CWE-611
Improper Restriction of XML External Entity Reference
CVE-2018-1337
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-9.8||CRITICAL
EPSS-5.31% / 91.60%
||
7 Day CHG~0.00%
Published-10 Jul, 2018 | 13:00
Updated-17 Sep, 2024 | 01:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache Directory LDAP API before 1.0.2, a bug in the way the SSL Filter was setup made it possible for another thread to use the connection before the TLS layer has been established, if the connection has already been used and put back in a pool of connections, leading to leaking any information contained in this request (including the credentials when sending a BIND request).

Action-Not Available
Vendor-The Apache Software Foundation
Product-directory_ldap_apiApache Directory
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-3375
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-6.69% / 93.10%
||
7 Day CHG~0.00%
Published-19 Jan, 2012 | 02:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Tomcat 6.0.30 through 6.0.33 and 7.x before 7.0.22 does not properly perform certain caching and recycling operations involving request objects, which allows remote attackers to obtain unintended read access to IP address and HTTP header information in opportunistic circumstances by reading TCP data.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-tomcatn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2018-11804
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-5.70% / 92.07%
||
7 Day CHG~0.00%
Published-24 Oct, 2018 | 00:00
Updated-05 Aug, 2024 | 08:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Spark's Apache Maven-based build includes a convenience script, 'build/mvn', that downloads and runs a zinc server to speed up compilation. It has been included in release branches since 1.3.x, up to and including master. This server will accept connections from external hosts by default. A specially-crafted request to the zinc server could cause it to reveal information in files readable to the developer account running the build. Note that this issue does not affect end users of Spark, only developers building Spark from source code.

Action-Not Available
Vendor-The Apache Software Foundation
Product-sparkApache Spark
CVE-2018-11783
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.87% / 76.77%
||
7 Day CHG~0.00%
Published-07 Mar, 2019 | 18:00
Updated-16 Sep, 2024 | 22:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

sslheaders plugin extracts information from the client certificate and sets headers in the request based on the configuration of the plugin. The plugin doesn't strip the headers from the request in some scenarios. This problem was discovered in versions 6.0.0 to 6.0.3, 7.0.0 to 7.1.5, and 8.0.0 to 8.0.1.

Action-Not Available
Vendor-The Apache Software Foundation
Product-traffic_serverApache Traffic Server
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2011-2729
Matching Score-8
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-8
Assigner-Red Hat, Inc.
CVSS Score-5||MEDIUM
EPSS-7.24% / 93.57%
||
7 Day CHG~0.00%
Published-15 Aug, 2011 | 21:00
Updated-29 Apr, 2026 | 01:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

native/unix/native/jsvc-unix.c in jsvc in the Daemon component 1.0.3 through 1.0.6 in Apache Commons, as used in Apache Tomcat 5.5.32 through 5.5.33, 6.0.30 through 6.0.32, and 7.0.x before 7.0.20 on Linux, does not drop capabilities, which allows remote attackers to bypass read permissions for files via a request to an application.

Action-Not Available
Vendor-n/aThe Apache Software FoundationLinux Kernel Organization, Inc
Product-tomcatlinux_kernelapache_commons_daemonn/a
CVE-2017-9798
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-95.00% / 99.85%
||
7 Day CHG~0.00%
Published-18 Sep, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache httpd allows remote attackers to read secret data from process memory if the Limit directive can be set in a user's .htaccess file, or if httpd.conf has certain misconfigurations, aka Optionsbleed. This affects the Apache HTTP Server through 2.2.34 and 2.4.x through 2.4.27. The attacker sends an unauthenticated OPTIONS HTTP request when attempting to read secret data. This is a use-after-free issue and thus secret data is not always sent, and the specific data depends on many factors including configuration. Exploitation with .htaccess can be blocked with a patch to the ap_limit_section function in server/core.c.

Action-Not Available
Vendor-Debian GNU/LinuxThe Apache Software Foundation
Product-debian_linuxhttp_serverApache HTTP Server
CWE ID-CWE-416
Use After Free
CVE-2008-6505
Matching Score-8
Assigner-MITRE Corporation
ShareView Details
Matching Score-8
Assigner-MITRE Corporation
CVSS Score-5||MEDIUM
EPSS-72.52% / 99.37%
||
7 Day CHG~0.00%
Published-23 Mar, 2009 | 14:00
Updated-23 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple directory traversal vulnerabilities in Apache Struts 2.0.x before 2.0.12 and 2.1.x before 2.1.3 allow remote attackers to read arbitrary files via a ..%252f (encoded dot dot slash) in a URI with a /struts/ path, related to (1) FilterDispatcher in 2.0.x and (2) DefaultStaticContentLoader in 2.1.x.

Action-Not Available
Vendor-n/aThe Apache Software Foundation
Product-strutsn/a
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-7685
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-2.86% / 85.04%
||
7 Day CHG~0.00%
Published-14 Jul, 2017 | 15:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache OpenMeetings 1.0.0 responds to the following insecure HTTP methods: PUT, DELETE, HEAD, and PATCH.

Action-Not Available
Vendor-The Apache Software Foundation
Product-openmeetingsApache OpenMeetings
CVE-2017-7675
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-10.14% / 95.08%
||
7 Day CHG~0.00%
Published-11 Aug, 2017 | 02:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The HTTP/2 implementation in Apache Tomcat 9.0.0.M1 to 9.0.0.M21 and 8.5.0 to 8.5.15 bypassed a number of security checks that prevented directory traversal attacks. It was therefore possible to bypass security constraints using a specially crafted URL.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
CVE-2017-7686
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.97% / 85.57%
||
7 Day CHG~0.00%
Published-28 Jun, 2017 | 13:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache Ignite 1.0.0-RC3 to 2.0 uses an update notifier component to update the users about new project releases that include additional functionality, bug fixes and performance improvements. To do that the component communicates to an external PHP server (http://ignite.run) where it needs to send some system properties like Apache Ignite or Java version. Some of the properties might contain user sensitive information.

Action-Not Available
Vendor-The Apache Software Foundation
Product-igniteApache Ignite
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5658
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-1.82% / 76.13%
||
7 Day CHG~0.00%
Published-04 Oct, 2018 | 14:00
Updated-16 Sep, 2024 | 20:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The statistics generator in Apache Pony Mail 0.7 to 0.9 was found to be returning timestamp data without proper authorization checks. This could lead to derived information disclosure on private lists about the timing of specific email subjects or text bodies, though without disclosing the content itself. As this was primarily used as a caching feature for faster loading times, the caching was disabled by default to prevent this. Users using 0.9 should upgrade to 0.10 to address this issue.

Action-Not Available
Vendor-The Apache Software Foundation
Product-pony_mailApache Pony Mail
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-5656
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-6.83% / 93.23%
||
7 Day CHG~0.00%
Published-18 Apr, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Apache CXF's STSClient before 3.1.11 and 3.0.13 uses a flawed way of caching tokens that are associated with delegation tokens, which means that an attacker could craft a token which would return an identifer corresponding to a cached token for another user.

Action-Not Available
Vendor-The Apache Software Foundation
Product-cxfApache CXF
CWE ID-CWE-384
Session Fixation
CVE-2017-5654
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-2.19% / 80.24%
||
7 Day CHG~0.00%
Published-12 May, 2017 | 21:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Ambari 2.4.x (before 2.4.3) and Ambari 2.5.0, an authorized user of the Ambari Hive View may be able to gain unauthorized read access to files on the host where the Ambari server executes.

Action-Not Available
Vendor-The Apache Software Foundation
Product-ambariApache Ambari
CWE ID-CWE-91
XML Injection (aka Blind XPath Injection)
CVE-2017-5652
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-1.22% / 64.92%
||
7 Day CHG~0.00%
Published-10 Jul, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

During a routine security analysis, it was found that one of the ports in Apache Impala (incubating) 2.7.0 to 2.8.0 sent data in plaintext even when the cluster was configured to use TLS. The port in question was used by the StatestoreSubscriber class which did not use the appropriate secure Thrift transport when TLS was turned on. It was therefore possible for an adversary, with access to the network, to eavesdrop on the packets going to and coming from that port and view the data in plaintext.

Action-Not Available
Vendor-The Apache Software Foundation
Product-impalaApache Impala
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CVE-2017-5635
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-3.29% / 86.97%
||
7 Day CHG~0.00%
Published-19 Oct, 2017 | 20:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Apache NiFi before 0.7.2 and 1.x before 1.1.2 in a cluster environment, if an anonymous user request is replicated to another node, the originating node identity is used rather than the "anonymous" user.

Action-Not Available
Vendor-The Apache Software Foundation
Product-nifiApache NiFi
CWE ID-CWE-287
Improper Authentication
CVE-2017-5647
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-16.84% / 96.67%
||
7 Day CHG~0.00%
Published-17 Apr, 2017 | 16:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A bug in the handling of the pipelined requests in Apache Tomcat 9.0.0.M1 to 9.0.0.M18, 8.5.0 to 8.5.12, 8.0.0.RC1 to 8.0.42, 7.0.0 to 7.0.76, and 6.0.0 to 6.0.52, when send file was used, results in the pipelined request being lost when send file processing of the previous request completed. This could result in responses appearing to be sent for the wrong request. For example, a user agent that sent requests A, B and C could see the correct response for request A, the response for request C for request B and no response for request C.

Action-Not Available
Vendor-The Apache Software Foundation
Product-tomcatApache Tomcat
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CVE-2017-3156
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-6.31% / 92.76%
||
7 Day CHG~0.00%
Published-10 Aug, 2017 | 18:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The OAuth2 Hawk and JOSE MAC Validation code in Apache CXF prior to 3.0.13 and 3.1.x prior to 3.1.10 is not using a constant time MAC signature comparison algorithm which may be exploited by sophisticated timing attacks.

Action-Not Available
Vendor-The Apache Software Foundation
Product-cxfApache CXF
CVE-2017-3163
Matching Score-8
Assigner-Apache Software Foundation
ShareView Details
Matching Score-8
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-6.56% / 92.99%
||
7 Day CHG~0.00%
Published-30 Aug, 2017 | 14:00
Updated-13 May, 2026 | 00:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using the Index Replication feature, Apache Solr nodes can pull index files from a master/leader node using an HTTP API which accepts a file name. However, Solr before 5.5.4 and 6.x before 6.4.1 did not validate the file name, hence it was possible to craft a special request involving path traversal, leaving any file readable to the Solr server process exposed. Solr servers protected and restricted by firewall rules and/or authentication would not be at risk since only trusted clients and users would gain direct HTTP access.

Action-Not Available
Vendor-The Apache Software Foundation
Product-solrApache Solr
CWE ID-CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 12
  • 13
  • Next
Details not found