A flaw was found when mod_proxy_ajp is used together with mod_proxy_balancer. Given a specific configuration, a remote attacker could send certain malformed HTTP requests, putting a backend server into an error state until the retry timeout expired. This could lead to a temporary denial of service.

CPENameOperatorVersion
apache httpdeq2.2.20
apache httpdeq2.2.19
apache httpdeq2.2.18
apache httpdeq2.2.17
apache httpdeq2.2.16
apache httpdeq2.2.15
apache httpdeq2.2.14
apache httpdeq2.2.13
apache httpdeq2.2.12

Name	Operator	Version
apache httpd	eq	2.2.20
apache httpd	eq	2.2.19
apache httpd	eq	2.2.18
apache httpd	eq	2.2.17
apache httpd	eq	2.2.16
apache httpd	eq	2.2.15
apache httpd	eq	2.2.14
apache httpd	eq	2.2.13
apache httpd	eq	2.2.12

checkpoint_advisories 2

seebug 1

nessus 20

altlinux 3

debiancve 1

prion 1

veracode 1

openvas 18

debian 1

cve 1

ubuntucve 1

threatpost 1

amazon 1

securityvulns 3

slackware 1

fedora 1

suse 2

redhat 3

ubuntu 1

f5 2

oraclelinux 1

ibm 2

gentoo 1

hackerone 1

oracle 1

checkpoint_advisories

Apache HTTPD mod_proxy_ajp Denial Of Service (CVE-2011-3348)

2014-11-12 00:00:00

Preemptive Protection against Apache HTTPD mod_proxy_ajp Denial of Service (CVE-2011-3348)

2011-12-06 00:00:00

seebug

Apache HTTP Server mod_proxy_ajp拒绝服务漏洞

2011-09-18 00:00:00

nessus

Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : httpd (SSA:2011-284-01)

2011-10-17 00:00:00

Apache 2.2.x < 2.2.21 mod_proxy_ajp DoS

2011-09-16 00:00:00

Mandriva Linux Security Advisory : apache (MDVSA-2011:168)

2011-11-10 00:00:00

altlinux

Security fix for the ALT Linux 8 package apache2 version 2.2.21-alt1

2011-09-20 00:00:00

Security fix for the ALT Linux 9 package apache2 version 2.2.21-alt1

2011-09-20 00:00:00

Security fix for the ALT Linux 10 package apache2 version 2.2.21-alt1

2011-09-20 00:00:00

debiancve

CVE-2011-3348

2011-09-20 05:55:00

prion

Design/Logic Flaw

2011-09-20 05:55:00

veracode

Denial Of Service (DoS)

2020-04-10 01:03:06

openvas

Apache HTTP Server DoS Vulnerability (Sep 2011) - Linux

2021-11-01 00:00:00

Fedora Update for httpd FEDORA-2011-12715

2011-09-16 00:00:00

Mandriva Update for apache MDVSA-2011:168 (apache)

2011-11-11 00:00:00

debian

[BSA-058] Security Update for apache2

2011-11-14 04:20:22

cve

CVE-2011-3348

2011-09-20 05:55:00

ubuntucve

CVE-2011-3348

2011-09-20 00:00:00

threatpost

Apache Releases Version 2.2.21 With New Fix For Range Header Flaw

2011-09-14 15:29:14

amazon

Medium: httpd

2011-10-31 18:19:00

securityvulns

Multiple HTTP servers DoS

2011-10-20 00:00:00

APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001

2012-02-03 00:00:00

Oracle / Sun / MySQL / PeopleSoft applications multiple security vulnerabilities

2013-08-12 00:00:00

slackware

[slackware-security] httpd

2011-10-14 23:59:50

fedora

[SECURITY] Fedora 15 Update: httpd-2.2.21-1.fc15

2011-09-16 01:58:28

suse

Security update for Apache2 (important)

2011-11-04 09:08:25

apache2: Fixed several security issues (important)

2011-11-04 09:08:34

redhat

(RHSA-2011:1391) Moderate: httpd security and bug fix update

2011-10-20 00:00:00

(RHSA-2012:0543) Moderate: httpd security and bug fix update

2012-05-07 18:13:40

(RHSA-2012:0542) Moderate: httpd security and bug fix update

2012-05-07 00:00:00

ubuntu

Apache vulnerabilities

2011-11-11 00:00:00

SOL15899 - Multiple Apache vulnerabilities CVE-2012-4558, CVE-2012-0883, CVE-2011-3348, and CVE-2010-1452

2014-12-08 00:00:00

K15899 : Multiple Apache vulnerabilities CVE-2012-4558, CVE-2012-0883, CVE-2011-3348, and CVE-2010-1452

2014-12-08 00:00:00

oraclelinux

httpd security and bug fix update

2011-10-20 00:00:00

ibm

Security Bulletin: SONAS Update Includes Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Vendor Security Vulnerabilities

2022-09-26 04:23:14

gentoo

Apache HTTP Server: Multiple vulnerabilities

2012-06-24 00:00:00

hackerone

U.S. Dept Of Defense: Out-of-date Version (Apache)

2016-11-24 15:09:27

oracle

Oracle Critical Patch Update - July 2013

2013-07-16 00:00:00

Products

Security Intelligence
Non-intrusive assessment
Developers SDK
Windows scanner
Linux scanner
Perimeter control tool
MSSP

Database

Vulnerabilities
Exploits
IOC
Security News
BugBounty
Popular
Wild Exploited
Top Vulnerabilities

Tools

Linux Security Scanner
API integration
Subscriptions
Plugins
Manual Audit

Learn More

Stats
API
Docs
Api-keys
License
Pricing
Glossary
FAQ

Company

Blog
Contacts
About Us
OpenSource
EULA
Brand Guideline
Privacy Policy

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply. All product names, logos, and brands are property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.If you are an owner of some content and want it to be removed, please contact us. Using Vulners services you are accepting Vulners services end-user license agreement

@2024 Vulners Inc

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.248 Low

EPSS

Percentile

96.6%

JSON

Related for HTTPD:2CFBCF43507D5A77B05B49EE4D573583