ID CVE-2011-3348
Summary The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
References
Vulnerable Configurations
  • Apache Software Foundation Apache HTTP Server 0.8.11
    cpe:2.3:a:apache:http_server:0.8.11
  • Apache Software Foundation Apache HTTP Server 0.8.14
    cpe:2.3:a:apache:http_server:0.8.14
  • Apache Software Foundation Apache HTTP Server 1.0
    cpe:2.3:a:apache:http_server:1.0
  • Apache Software Foundation Apache HTTP Server 1.0.2
    cpe:2.3:a:apache:http_server:1.0.2
  • Apache Software Foundation Apache HTTP Server 1.0.3
    cpe:2.3:a:apache:http_server:1.0.3
  • Apache Software Foundation Apache HTTP Server 1.0.5
    cpe:2.3:a:apache:http_server:1.0.5
  • Apache Software Foundation Apache HTTP Server 1.1
    cpe:2.3:a:apache:http_server:1.1
  • Apache Software Foundation Apache HTTP Server 1.1.1
    cpe:2.3:a:apache:http_server:1.1.1
  • Apache Software Foundation Apache 1.2
    cpe:2.3:a:apache:http_server:1.2
  • Apache Software Foundation Apache HTTP Server 1.2.4
    cpe:2.3:a:apache:http_server:1.2.4
  • Apache Software Foundation Apache HTTP Server 1.2.5
    cpe:2.3:a:apache:http_server:1.2.5
  • Apache Software Foundation Apache HTTP Server 1.2.6
    cpe:2.3:a:apache:http_server:1.2.6
  • Apache Software Foundation Apache 1.29
    cpe:2.3:a:apache:http_server:1.2.9
  • Apache Software Foundation Apache HTTP Server 1.3
    cpe:2.3:a:apache:http_server:1.3
  • Apache Software Foundation Apache HTTP Server 1.3.0
    cpe:2.3:a:apache:http_server:1.3.0
  • Apache Software Foundation Apache HTTP Server 1.3.1
    cpe:2.3:a:apache:http_server:1.3.1
  • Apache Software Foundation Apache HTTP Server 1.3.1.1
    cpe:2.3:a:apache:http_server:1.3.1.1
  • Apache Software Foundation Apache HTTP Server 1.3.2
    cpe:2.3:a:apache:http_server:1.3.2
  • Apache Software Foundation Apache HTTP Server 1.3.3
    cpe:2.3:a:apache:http_server:1.3.3
  • Apache Software Foundation Apache HTTP Server 1.3.4
    cpe:2.3:a:apache:http_server:1.3.4
  • Apache Software Foundation Apache HTTP Server 1.3.5
    cpe:2.3:a:apache:http_server:1.3.5
  • Apache Software Foundation Apache HTTP Server 1.3.6
    cpe:2.3:a:apache:http_server:1.3.6
  • Apache Software Foundation Apache HTTP Server 1.3.7
    cpe:2.3:a:apache:http_server:1.3.7
  • Apache Software Foundation Apache HTTP Server 1.3.8
    cpe:2.3:a:apache:http_server:1.3.8
  • Apache Software Foundation Apache HTTP Server 1.3.9
    cpe:2.3:a:apache:http_server:1.3.9
  • Apache Software Foundation Apache 1.3.10
    cpe:2.3:a:apache:http_server:1.3.10
  • Apache Software Foundation Apache HTTP Server 1.3.11
    cpe:2.3:a:apache:http_server:1.3.11
  • Apache Software Foundation Apache HTTP Server 1.3.12
    cpe:2.3:a:apache:http_server:1.3.12
  • Apache Software Foundation Apache 1.3.13
    cpe:2.3:a:apache:http_server:1.3.13
  • Apache Software Foundation Apache HTTP Server 1.3.14
    cpe:2.3:a:apache:http_server:1.3.14
  • Apache Software Foundation Apache 1.3.15
    cpe:2.3:a:apache:http_server:1.3.15
  • Apache Software Foundation Apache 1.3.16
    cpe:2.3:a:apache:http_server:1.3.16
  • Apache Software Foundation Apache HTTP Server 1.3.17
    cpe:2.3:a:apache:http_server:1.3.17
  • Apache Software Foundation Apache HTTP Server 1.3.18
    cpe:2.3:a:apache:http_server:1.3.18
  • Apache Software Foundation Apache HTTP Server 1.3.19
    cpe:2.3:a:apache:http_server:1.3.19
  • Apache Software Foundation Apache HTTP Server 1.3.20
    cpe:2.3:a:apache:http_server:1.3.20
  • Apache Software Foundation Apache HTTP Server 1.3.22
    cpe:2.3:a:apache:http_server:1.3.22
  • Apache Software Foundation Apache HTTP Server 1.3.23
    cpe:2.3:a:apache:http_server:1.3.23
  • Apache Software Foundation Apache HTTP Server 1.3.24
    cpe:2.3:a:apache:http_server:1.3.24
  • Apache Software Foundation Apache HTTP Server 1.3.25
    cpe:2.3:a:apache:http_server:1.3.25
  • Apache Software Foundation Apache HTTP Server 1.3.26
    cpe:2.3:a:apache:http_server:1.3.26
  • Apache Software Foundation Apache HTTP Server 1.3.27
    cpe:2.3:a:apache:http_server:1.3.27
  • Apache Software Foundation Apache HTTP Server 1.3.28
    cpe:2.3:a:apache:http_server:1.3.28
  • Apache Software Foundation Apache HTTP Server 1.3.29
    cpe:2.3:a:apache:http_server:1.3.29
  • Apache Software Foundation Apache HTTP Server 1.3.30
    cpe:2.3:a:apache:http_server:1.3.30
  • Apache Software Foundation Apache HTTP Server 1.3.31
    cpe:2.3:a:apache:http_server:1.3.31
  • Apache Software Foundation Apache HTTP Server 1.3.32
    cpe:2.3:a:apache:http_server:1.3.32
  • Apache Software Foundation Apache HTTP Server 1.3.33
    cpe:2.3:a:apache:http_server:1.3.33
  • Apache Software Foundation Apache HTTP Server 1.3.34
    cpe:2.3:a:apache:http_server:1.3.34
  • Apache Software Foundation Apache HTTP Server 1.3.35
    cpe:2.3:a:apache:http_server:1.3.35
  • Apache Software Foundation Apache HTTP Server 1.3.36
    cpe:2.3:a:apache:http_server:1.3.36
  • Apache Software Foundation Apache HTTP Server 1.3.37
    cpe:2.3:a:apache:http_server:1.3.37
  • Apache Software Foundation Apache HTTP Server 1.3.38
    cpe:2.3:a:apache:http_server:1.3.38
  • Apache Software Foundation Apache HTTP Server 1.3.39
    cpe:2.3:a:apache:http_server:1.3.39
  • Apache Software Foundation Apache HTTP Server 1.3.41
    cpe:2.3:a:apache:http_server:1.3.41
  • Apache Software Foundation Apache HTTP Server 1.3.42
    cpe:2.3:a:apache:http_server:1.3.42
  • Apache Software Foundation Apache HTTP Server 1.3.65
    cpe:2.3:a:apache:http_server:1.3.65
  • Apache Software Foundation Apache HTTP Server 1.3.68
    cpe:2.3:a:apache:http_server:1.3.68
  • Apache Software Foundation Apache HTTP Server 1.4.0
    cpe:2.3:a:apache:http_server:1.4.0
  • Apache Software Foundation Apache HTTP Server 1.99
    cpe:2.3:a:apache:http_server:1.99
  • Apache Software Foundation Apache HTTP Server 2.0
    cpe:2.3:a:apache:http_server:2.0
  • Apache Software Foundation Apache HTTP Server 2.0.9a
    cpe:2.3:a:apache:http_server:2.0.9
  • Apache Software Foundation Apache HTTP Server 2.0.28
    cpe:2.3:a:apache:http_server:2.0.28
  • Apache Software Foundation Apache HTTP Server 2.0.28 Beta
    cpe:2.3:a:apache:http_server:2.0.28:beta
  • Apache Software Foundation Apache HTTP Server 2.0.32
    cpe:2.3:a:apache:http_server:2.0.32
  • Apache Software Foundation Apache HTTP Server 2.0.32 Beta
    cpe:2.3:a:apache:http_server:2.0.32:beta
  • Apache Software Foundation Apache HTTP Server 2.0.34 Beta
    cpe:2.3:a:apache:http_server:2.0.34:beta
  • Apache Software Foundation Apache HTTP Server 2.0.35
    cpe:2.3:a:apache:http_server:2.0.35
  • Apache Software Foundation Apache HTTP Server 2.0.36
    cpe:2.3:a:apache:http_server:2.0.36
  • Apache Software Foundation Apache HTTP Server 2.0.37
    cpe:2.3:a:apache:http_server:2.0.37
  • Apache Software Foundation Apache HTTP Server 2.0.38
    cpe:2.3:a:apache:http_server:2.0.38
  • Apache Software Foundation Apache HTTP Server 2.0.39
    cpe:2.3:a:apache:http_server:2.0.39
  • Apache Software Foundation Apache HTTP Server 2.0.40
    cpe:2.3:a:apache:http_server:2.0.40
  • Apache Software Foundation Apache HTTP Server 2.0.41
    cpe:2.3:a:apache:http_server:2.0.41
  • Apache Software Foundation Apache HTTP Server 2.0.42
    cpe:2.3:a:apache:http_server:2.0.42
  • Apache Software Foundation Apache HTTP Server 2.0.43
    cpe:2.3:a:apache:http_server:2.0.43
  • Apache Software Foundation Apache HTTP Server 2.0.44
    cpe:2.3:a:apache:http_server:2.0.44
  • Apache Software Foundation Apache HTTP Server 2.0.45
    cpe:2.3:a:apache:http_server:2.0.45
  • Apache Software Foundation Apache HTTP Server 2.0.46
    cpe:2.3:a:apache:http_server:2.0.46
  • Apache Software Foundation Apache HTTP Server 2.0.47
    cpe:2.3:a:apache:http_server:2.0.47
  • Apache Software Foundation Apache HTTP Server 2.0.48
    cpe:2.3:a:apache:http_server:2.0.48
  • Apache Software Foundation Apache HTTP Server 2.0.49
    cpe:2.3:a:apache:http_server:2.0.49
  • Apache Software Foundation Apache HTTP Server 2.0.50
    cpe:2.3:a:apache:http_server:2.0.50
  • Apache Software Foundation Apache HTTP Server 2.0.51
    cpe:2.3:a:apache:http_server:2.0.51
  • Apache Software Foundation Apache HTTP Server 2.0.52
    cpe:2.3:a:apache:http_server:2.0.52
  • Apache Software Foundation Apache HTTP Server 2.0.53
    cpe:2.3:a:apache:http_server:2.0.53
  • Apache Software Foundation Apache HTTP Server 2.0.54
    cpe:2.3:a:apache:http_server:2.0.54
  • Apache Software Foundation Apache HTTP Server 2.0.55
    cpe:2.3:a:apache:http_server:2.0.55
  • Apache Software Foundation Apache HTTP Server 2.0.56
    cpe:2.3:a:apache:http_server:2.0.56
  • Apache Software Foundation Apache HTTP Server 2.0.57
    cpe:2.3:a:apache:http_server:2.0.57
  • Apache Software Foundation Apache HTTP Server 2.0.58
    cpe:2.3:a:apache:http_server:2.0.58
  • Apache Software Foundation HTTP Server 2.0.59
    cpe:2.3:a:apache:http_server:2.0.59
  • Apache Software Foundation Apache HTTP Server 2.0.60 dev
    cpe:2.3:a:apache:http_server:2.0.60
  • Apache Software Foundation HTTP Server 2.0.61
    cpe:2.3:a:apache:http_server:2.0.61
  • Apache Software Foundation Apache HTTP Server 2.0.63
    cpe:2.3:a:apache:http_server:2.0.63
  • Apache Software Foundation Apache HTTP Server 2.1
    cpe:2.3:a:apache:http_server:2.1
  • Apache Software Foundation Apache HTTP Server 2.1.1
    cpe:2.3:a:apache:http_server:2.1.1
  • Apache Software Foundation Apache HTTP Server 2.1.2
    cpe:2.3:a:apache:http_server:2.1.2
  • Apache Software Foundation Apache HTTP Server 2.1.3
    cpe:2.3:a:apache:http_server:2.1.3
  • Apache Software Foundation Apache HTTP Server 2.1.4
    cpe:2.3:a:apache:http_server:2.1.4
  • Apache Software Foundation Apache HTTP Server 2.1.5
    cpe:2.3:a:apache:http_server:2.1.5
  • Apache Software Foundation Apache HTTP Server 2.1.6
    cpe:2.3:a:apache:http_server:2.1.6
  • Apache Software Foundation Apache HTTP Server 2.1.7
    cpe:2.3:a:apache:http_server:2.1.7
  • Apache Software Foundation Apache HTTP Server 2.1.8
    cpe:2.3:a:apache:http_server:2.1.8
  • Apache Software Foundation Apache HTTP Server 2.1.9
    cpe:2.3:a:apache:http_server:2.1.9
  • Apache Software Foundation Apache HTTP Server 2.2
    cpe:2.3:a:apache:http_server:2.2
  • Apache Software Foundation Apache HTTP Server 2.2.0
    cpe:2.3:a:apache:http_server:2.2.0
  • Apache Software Foundation Apache HTTP Server 2.2.1
    cpe:2.3:a:apache:http_server:2.2.1
  • Apache Software Foundation Apache HTTP Server 2.2.2
    cpe:2.3:a:apache:http_server:2.2.2
  • Apache Software Foundation Apache HTTP Server 2.2.3
    cpe:2.3:a:apache:http_server:2.2.3
  • Apache Software Foundation Apache HTTP Server 2.2.4
    cpe:2.3:a:apache:http_server:2.2.4
  • Apache Software Foundation Apache HTTP Server 2.2.6
    cpe:2.3:a:apache:http_server:2.2.6
  • Apache Software Foundation Apache HTTP Server 2.2.8
    cpe:2.3:a:apache:http_server:2.2.8
  • Apache Software Foundation Apache HTTP Server 2.2.9
    cpe:2.3:a:apache:http_server:2.2.9
  • Apache Software Foundation Apache HTTP Server 2.2.10
    cpe:2.3:a:apache:http_server:2.2.10
  • Apache Software Foundation Apache HTTP Server 2.2.11
    cpe:2.3:a:apache:http_server:2.2.11
  • Apache Software Foundation Apache HTTP Server 2.2.12
    cpe:2.3:a:apache:http_server:2.2.12
  • Apache Software Foundation Apache HTTP Server 2.2.13
    cpe:2.3:a:apache:http_server:2.2.13
  • Apache Software Foundation Apache HTTP Server 2.2.14
    cpe:2.3:a:apache:http_server:2.2.14
  • Apache Software Foundation Apache HTTP Server 2.2.15
    cpe:2.3:a:apache:http_server:2.2.15
  • Apache Software Foundation Apache HTTP Server 2.2.16
    cpe:2.3:a:apache:http_server:2.2.16
  • Apache Software Foundation Apache HTTP Server 2.2.17
    cpe:2.3:a:apache:http_server:2.2.17
  • Apache Software Foundation Apache HTTP Server 2.2.18
    cpe:2.3:a:apache:http_server:2.2.18
  • Apache Software Foundation Apache HTTP Server 2.2.20
    cpe:2.3:a:apache:http_server:2.2.20
CVSS
Base: 4.3 (as of 20-09-2011 - 08:28)
Impact:
Exploitability:
CWE CWE-399
CAPEC
Access
VectorComplexityAuthentication
NETWORK MEDIUM NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
nessus via4
  • NASL family Mandriva Local Security Checks
    NASL id MANDRIVA_MDVSA-2011-130.NASL
    description Multiple vulnerabilities has been discovered and corrected in apache : The byterange filter in the Apache HTTP Server 1.3.x, 2.0.x through 2.0.64, and 2.2.x through 2.2.19 allows remote attackers to cause a denial of service (memory and CPU consumption) via a Range header that expresses multiple overlapping ranges, as exploited in the wild in August 2011, a different vulnerability than CVE-2007-0086 (CVE-2011-3192). The updated packages have been patched to correct this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 56084
    published 2011-09-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56084
    title Mandriva Linux Security Advisory : apache (MDVSA-2011:130-1)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_SECUPD2012-001.NASL
    description The remote host is running a version of Mac OS X 10.6 that does not have Security Update 2012-001 applied. This update contains multiple security-related fixes for the following components : - Apache - ATS - ColorSync - CoreAudio - CoreMedia - CoreText - curl - Data Security - dovecot - filecmds - libresolv - libsecurity - OpenGL - PHP - QuickTime - SquirrelMail - Subversion - Tomcat - X11
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 57798
    published 2012-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57798
    title Mac OS X Multiple Vulnerabilities (Security Update 2012-001) (BEAST)
  • NASL family MacOS X Local Security Checks
    NASL id MACOSX_10_7_3.NASL
    description The remote host is running a version of Mac OS X 10.7.x that is prior to 10.7.3. The newer version contains multiple security-related fixes for the following components : - Address Book - Apache - ATS - CFNetwork - CoreMedia - CoreText - CoreUI - curl - Data Security - dovecot - filecmds - ImageIO - Internet Sharing - Libinfo - libresolv - libsecurity - OpenGL - PHP - QuickTime - Subversion - Time Machine - WebDAV Sharing - Webmail - X11
    last seen 2019-02-21
    modified 2018-07-14
    plugin id 57797
    published 2012-02-02
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57797
    title Mac OS X 10.7.x < 10.7.3 Multiple Vulnerabilities (BEAST)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2011-1391.NASL
    description From Red Hat Security Advisory 2011:1391 : Updated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The Apache HTTP Server is a popular web server. It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) It was discovered that mod_proxy_ajp incorrectly returned an 'Internal Server Error' response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3348) Red Hat would like to thank Context Information Security for reporting the CVE-2011-3368 issue. This update also fixes the following bug : * The fix for CVE-2011-3192 provided by the RHSA-2011:1245 update introduced regressions in the way httpd handled certain Range HTTP header values. This update corrects those regressions. (BZ#736592) All httpd users should upgrade to these updated packages, which contain backported patches to correct these issues. After installing the updated packages, the httpd daemon must be restarted for the update to take effect.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68376
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68376
    title Oracle Linux 6 : httpd (ELSA-2011-1391)
  • NASL family Slackware Local Security Checks
    NASL id SLACKWARE_SSA_2011-284-01.NASL
    description New httpd packages are available for Slackware 12.0, 12.1, 12.2, 13.0, 13.1, 13.37, and -current to fix security issues.
    last seen 2019-02-21
    modified 2019-01-02
    plugin id 56513
    published 2011-10-17
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=56513
    title Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : httpd (SSA:2011-284-01)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2011-9.NASL
    description It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. (CVE-2011-3368) It was discovered that mod_proxy_ajp incorrectly returned an 'Internal Server Error' response when processing certain malformed HTTP requests, which caused the back-end server to be marked as failed in configurations where mod_proxy was used in load balancer mode. A remote attacker could cause mod_proxy to not send requests to back-end AJP (Apache JServ Protocol) servers for the retry timeout period or until all back-end servers were marked as failed. (CVE-2011-3348)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 78270
    published 2014-10-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=78270
    title Amazon Linux AMI : httpd (ALAS-2011-9)
  • NASL family Web Servers
    NASL id ORACLE_HTTP_SERVER_CPU_JUL_2013.NASL
    description According to its banner, the version of Oracle HTTP Server installed on the remote host is potentially affected by multiple vulnerabilities. Note that Nessus did not verify if patches or workarounds have been applied.
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 69301
    published 2013-08-11
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=69301
    title Oracle Fusion Middleware Oracle HTTP Server Multiple Vulnerabilities
  • NASL family Web Servers
    NASL id HPSMH_7_0_0_24.NASL
    description According to the web server's banner, the version of HP System Management Homepage (SMH) hosted on the remote host is earlier than 7.0. As such, it is reportedly affected by the following vulnerabilities : - An error exists in the 'generate-id' function in the bundled libxslt library that can allow disclosure of heap memory addresses. (CVE-2011-0195) - An unspecified input validation error exists and can allow cross-site request forgery attacks. (CVE-2011-3846) - Unspecified errors can allow attackers to carry out denial of service attacks via unspecified vectors. (CVE-2012-0135, CVE-2012-1993) - The bundled version of PHP contains multiple vulnerabilities. (CVE-2010-3436, CVE-2010-4409, CVE-2010-4645, CVE-2011-1148, CVE-2011-1153, CVE-2011-1464, CVE-2011-1467, CVE-2011-1468, CVE-2011-1470, CVE-2011-1471, CVE-2011-1938, CVE-2011-2202, CVE-2011-2483, CVE-2011-3182, CVE-2011-3189, CVE-2011-3267, CVE-2011-3268) - The bundled version of Apache contains multiple vulnerabilities. (CVE-2010-1452, CVE-2010-1623, CVE-2010-2068, CVE-2010-2791, CVE-2011-0419, CVE-2011-1928, CVE-2011-3192, CVE-2011-3348, CVE-2011-3368, CVE-2011-3639) - OpenSSL libraries are contained in several of the bundled components and contain multiple vulnerabilities. (CVE-2011-0014, CVE-2011-1468, CVE-2011-1945, CVE-2011-3207,CVE-2011-3210) - Curl libraries are contained in several of the bundled components and contain multiple vulnerabilities. (CVE-2009-0037, CVE-2010-0734, CVE-2011-2192)
    last seen 2019-02-21
    modified 2018-11-15
    plugin id 58811
    published 2012-04-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=58811
    title HP System Management Homepage < 7.0 Multiple Vulnerabilities
  • NASL family Gentoo Local Security Checks
    NASL id