4.3

CVE-2011-3348

Exploit

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.

Data is provided by the National Vulnerability Database (NVD)
ApacheHTTP Server Version >= 2.2.12 <= 2.2.20
RedhatJboss Enterprise Web Server Version1.0.0
   RedhatEnterprise Linux Version6.0
   RedhatEnterprise Linux Version7.0
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 52.32% 0.978
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 4.3 8.6 2.9
AV:N/AC:M/Au:N/C:N/I:N/A:P
CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://marc.info/?l=bugtraq&m=131731002122529&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://marc.info/?l=bugtraq&m=132033751509019&w=2
Third Party Advisory
Mailing List
Issue Tracking
http://community.jboss.org/message/625307
Third Party Advisory
Exploit
http://secunia.com/advisories/46013
Vendor Advisory
Not Applicable
http://www.securityfocus.com/bid/49616
Third Party Advisory
VDB Entry
http://www.securitytracker.com/id?1026054
Third Party Advisory
Broken Link
VDB Entry