Debian Security Bug TrackerDEBIANCVE:CVE-2011-4317

HistoryNov 30, 2011 - 4:05 a.m.

CVE-2011-4317

2011-11-3004:05:00

Debian Security Bug Tracker

security-tracker.debian.org

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.937 High

EPSS

Percentile

99.1%

JSON

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

OSVersionArchitecturePackageVersionFilename
Debian12allapache2< 2.2.21-3apache2_2.2.21-3_all.deb
Debian11allapache2< 2.2.21-3apache2_2.2.21-3_all.deb
Debian10allapache2< 2.2.21-3apache2_2.2.21-3_all.deb
Debian999allapache2< 2.2.21-3apache2_2.2.21-3_all.deb
Debian13allapache2< 2.2.21-3apache2_2.2.21-3_all.deb

OS	Version	Architecture	Package	Version	Filename
Debian	12	all	apache2	< 2.2.21-3	apache2_2.2.21-3_all.deb
Debian	11	all	apache2	< 2.2.21-3	apache2_2.2.21-3_all.deb
Debian	10	all	apache2	< 2.2.21-3	apache2_2.2.21-3_all.deb
Debian	999	all	apache2	< 2.2.21-3	apache2_2.2.21-3_all.deb
Debian	13	all	apache2	< 2.2.21-3	apache2_2.2.21-3_all.deb

thn 1

securityvulns 7

openvas 48

cve 3

ubuntucve 3

nessus 54

prion 3

veracode 3

seebug 4

httpd 4

f5 3

packetstorm 2

fedora 2

freebsd 2

debiancve 2

altlinux 6

checkpoint_advisories 2

exploitpack 1

oraclelinux 4

threatpost 1

osv 1

debian 2

slackware 1

redhat 6

amazon 2

centos 2

exploitdb 1

ubuntu 2

suse 3

nmap 1

gentoo 1

hackerone 1

ibm 4

kaspersky 1

oracle 2

thn

New Apache Reverse Proxy Flaw Allows Access to Internal Network

2011-11-27 08:58:00

securityvulns

Apache mod_proxy unauthorized internal network access

2012-01-11 00:00:00

[ MDVSA-2011:144 ] apache

2011-10-12 00:00:00

Apache multiple security vulnerabilities

2012-02-03 00:00:00

openvas

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

2011-10-11 00:00:00

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

2011-10-11 00:00:00

Mandriva Update for apache MDVSA-2012:003 (apache)

2012-01-13 00:00:00

cve

CVE-2011-4317

2011-11-30 04:05:00

CVE-2011-3368

2011-10-05 22:55:00

CVE-2011-3639

2011-11-30 04:05:00

ubuntucve

CVE-2011-4317

2011-11-29 00:00:00

CVE-2011-3368

2011-10-05 00:00:00

CVE-2011-3639

2011-11-30 00:00:00

nessus

Apache HTTP Server mod_proxy Reverse Proxy Information Disclosure

2011-11-29 00:00:00

openSUSE Security Update : apache2 (openSUSE-SU-2012:0248-1)

2014-06-13 00:00:00

openSUSE Security Update : apache2 (openSUSE-SU-2012:0212-1)

2014-06-13 00:00:00

prion

Design/Logic Flaw

2011-11-30 04:05:00

Design/Logic Flaw

2011-10-05 22:55:00

Design/Logic Flaw

2011-11-30 04:05:00

veracode

Unauthorized Reverse Proxy Connection

2020-04-10 01:10:16

Information Disclosure

2020-04-10 01:03:06

Man-in-the-Middle (MitM)

2020-04-10 01:10:15

seebug

Apache HTTP Server mod_proxy反向代理模式安全限制绕过漏洞

2011-11-25 00:00:00

Apache HTTP Server 'mod_proxy'反向代理信息泄露漏洞

2011-10-08 00:00:00

Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC

2011-10-12 00:00:00

httpd

Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure

2011-10-20 00:00:00

Apache Httpd < 1.3-never : mod_proxy reverse proxy exposure

2011-09-16 00:00:00

Apache Httpd < 2.0.65 : mod_proxy reverse proxy exposure

2011-09-16 00:00:00

K15889 : Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053

2015-08-03 00:00:00

SOL15889 - Apache HTTP server vulnerabilities CVE-2011-3368, CVE-2011-4317, CVE-2012-0021, CVE-2012-0031, and CVE-2012-0053

2014-12-03 00:00:00

K20979231 : Apache vulnerability CVE-2011-3639

2015-12-29 00:00:00

packetstorm

Apache Reverse Proxy Bypass

2011-10-06 00:00:00

Apache mod_proxy Proof Of Concept

2011-10-11 00:00:00

fedora

[SECURITY] Fedora 16 Update: httpd-2.2.22-1.fc16

2012-02-21 01:28:42

[SECURITY] Fedora 15 Update: httpd-2.2.22-1.fc15

2012-03-06 19:30:50

freebsd

Apache 1.3 -- mod_proxy reverse proxy exposure

2011-10-05 00:00:00

apache -- multiple vulnerabilities

2011-10-05 00:00:00

debiancve

CVE-2011-3368

2011-10-05 22:55:00

CVE-2011-3639

2011-11-30 04:05:00

altlinux

Security fix for the ALT Linux 9 package apache2 version 2.2.21-alt2

2011-11-19 00:00:00

Security fix for the ALT Linux 10 package apache2 version 2.2.21-alt2

2011-11-19 00:00:00

Security fix for the ALT Linux 8 package apache2 version 2.2.21-alt2

2011-11-19 00:00:00

checkpoint_advisories

Apache HTTPD mod_proxy Information Disclosure (CVE-2011-3368)

2011-11-01 00:00:00

Apache HTTPD mod_proxy Security Bypass (CVE-2011-3368)

2012-03-05 00:00:00

exploitpack

Apache mod_proxy - Reverse Proxy Exposure

2011-10-11 00:00:00

oraclelinux

httpd security and bug fix update

2011-10-20 00:00:00

httpd security and bug fix update

2011-10-20 00:00:00

httpd security update

2012-02-13 00:00:00

threatpost

New Apache Reverse Proxy Issue Uncovered

2011-11-26 23:41:49

osv

apache2 - multiple issues

2012-02-06 00:00:00

debian

[SECURITY] [DSA 2405-1] apache2 security update

2012-02-06 09:06:39

[SECURITY] [DSA 2405-1] apache2 security update

2012-02-06 09:06:39

slackware

[slackware-security] httpd

2012-02-10 17:43:57

redhat

(RHSA-2012:0128) Moderate: httpd security update

2012-02-13 00:00:00

(RHSA-2011:1392) Moderate: httpd security and bug fix update

2011-10-20 00:00:00

(RHSA-2011:1391) Moderate: httpd security and bug fix update

2011-10-20 00:00:00

amazon

Medium: httpd

2012-02-16 10:48:00

Medium: httpd

2011-10-31 18:19:00

centos

httpd, mod_ssl security update

2012-02-14 11:13:29

httpd, mod_ssl security update

2011-10-20 21:19:56

exploitdb

Apache mod_proxy - Reverse Proxy Exposure

2011-10-11 00:00:00

ubuntu

Apache vulnerabilities

2011-11-11 00:00:00

Apache HTTP Server vulnerabilities

2012-02-16 00:00:00

suse

apache2: Fixed several security issues (important)

2011-11-04 09:08:34

Security update for Apache2 (important)

2011-11-04 09:08:25

Security update for apache2 (important)

2011-11-09 19:08:34

nmap

http-vuln-cve2011-3368 NSE Script

2011-11-17 19:33:19

gentoo

Apache HTTP Server: Multiple vulnerabilities

2012-06-24 00:00:00

hackerone

U.S. Dept Of Defense: Out-of-date Version (Apache)

2016-11-24 15:09:27

ibm

Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

Security Bulletin: Storwize V7000 Unified V1.3.2.3 and V1.4.0.0 Include Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

kaspersky

KLA10065 Multiple vulnerabilities in Apache httpd

2013-07-22 00:00:00

oracle

Oracle Critical Patch Update - July 2012

2012-07-17 00:00:00

Oracle Critical Patch Update Advisory - January 2015

2015-03-10 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.937 High

EPSS

Percentile

99.1%

JSON

Related for DEBIANCVE:CVE-2011-4317