5

CVE-2009-1191

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ApacheHTTP Server Version2.2.11
CanonicalUbuntu Linux Version6.06
CanonicalUbuntu Linux Version8.04 SwEdition-
CanonicalUbuntu Linux Version8.10
CanonicalUbuntu Linux Version9.04
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.38% 0.957
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Broken Link
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
Third Party Advisory
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
Broken Link
Mailing List
http://support.apple.com/kb/HT3937
Broken Link
http://www.vupen.com/english/advisories/2009/3184
Permissions Required
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
http://osvdb.org/53921
Broken Link
http://secunia.com/advisories/34827
Not Applicable
http://secunia.com/advisories/35395
Not Applicable
http://secunia.com/advisories/35721
Not Applicable
http://security.gentoo.org/glsa/glsa-200907-04.xml
Third Party Advisory
http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089
Patch
Vendor Advisory
http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff
Patch
Vendor Advisory
http://www.mandriva.com/security/advisories?name=MDVSA-2009:102
Broken Link
http://www.securityfocus.com/bid/34663
Patch
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1022264
Third Party Advisory
Broken Link
VDB Entry
http://www.ubuntu.com/usn/usn-787-1
Third Party Advisory
http://www.vupen.com/english/advisories/2009/1147
Permissions Required
https://exchange.xforce.ibmcloud.com/vulnerabilities/50059
Third Party Advisory
VDB Entry
https://issues.apache.org/bugzilla/show_bug.cgi?id=46949
Vendor Advisory
Issue Tracking
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8261
Third Party Advisory