CVSS2
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: PARTIAL
Availability Impact: NONE
AV:N/AC:M/Au:N/C:N/I:P/A:N
EPSS
Percentile: 99.6%
A Watchfire whitepaper reports a vulnerability in the
Apache webserver. The vulnerability can be exploited by
malicious people, causing cross-site scripting, web cache
poisoning, session hijacking and, most importantly, the
ability to bypass web application firewall protection.
Exploiting this vulnerability requires multiple carefully
crafted HTTP requests, taking advantage of a caching server,
proxy server, web application firewall etc. This only affects
installations where Apache is used as an HTTP proxy in
combination with the following web servers:
IIS/6.0 and 5.0
Apache 2.0.45 (as web server)
Apache 1.3.29
WebSphere 5.1 and 5.0
WebLogic 8.1 SP1
Oracle9iAS web server 9.0.2
SunONE web server 6.1 SP4
OS | OS Version | Architecture | Package | Affected Package Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | apache | < 1.3.33_2 | UNKNOWN |
FreeBSD | any | noarch | apache+ssl | < 1.3.33.1.55_1 | UNKNOWN |
FreeBSD | any | noarch | apache+mod_perl | < 1.3.33_3 | UNKNOWN |
FreeBSD | any | noarch | apache+mod_ssl | < 1.3.33+2.8.22_1 | UNKNOWN |
FreeBSD | any | noarch | apache+mod_ssl+ipv6 | < 1.3.33+2.8.22_1 | UNKNOWN |
FreeBSD | any | noarch | apache+mod_ssl+mod_accel | < 1.3.33+2.8.22_1 | UNKNOWN |
FreeBSD | any | noarch | apache+mod_ssl+mod_accel+ipv6 | < 1.3.33+2.8.22_1 | UNKNOWN |
FreeBSD | any | noarch | apache+mod_ssl+mod_accel+mod_deflate | < 1.3.33+2.8.22_1 | UNKNOWN |
FreeBSD | any | noarch | apache+mod_ssl+mod_accel+mod_deflate+ipv6 | < 1.3.33+2.8.22_1 | UNKNOWN |
FreeBSD | any | noarch | apache+mod_ssl+mod_deflate | < 1.3.33+2.8.22_1 | UNKNOWN |