All the vulnerabilites related to apache - http_server2.0a8
cve-2011-3639
Vulnerability from cvelistv5
Published
2011-11-30 02:00
Modified
2024-08-06 23:37
Severity ?
EPSS score ?
Summary
The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
References
| ▼ | URL | Tags |
|---|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=752080 | x_refsource_CONFIRM | |
| http://rhn.redhat.com/errata/RHSA-2012-0128.html | vendor-advisory, x_refsource_REDHAT | |
| http://svn.apache.org/viewvc?view=revision&revision=1188745 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2012/dsa-2405 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.644Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080"
},
{
"name": "RHSA-2012:0128",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT",
"x_transferred"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1188745"
},
{
"name": "DSA-2405",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2012/dsa-2405"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-11-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-12-28T20:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080"
},
{
"name": "RHSA-2012:0128",
"tags": [
"vendor-advisory",
"x_refsource_REDHAT"
],
"url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1188745"
},
{
"name": "DSA-2405",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2012/dsa-2405"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3639",
"datePublished": "2011-11-30T02:00:00",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.644Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2011-11-30 04:05
Modified
2024-11-21 01:30
Severity ?
Summary
The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "DAF992CB-14FF-409B-8DCD-BA967C077DDF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "DA66C097-3E40-4B73-814F-DDC0DECED68D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "8AC5F497-E7C4-4C65-AB39-26AC6D9AB16F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "A14055E2-3AF4-4067-B36F-2196A80630AC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "877CA12A-4033-4D7A-B952-F03E4A47CDD3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.16:*:*:*:*:*:*:*",
"matchCriteriaId": "C13C842A-F5C7-463C-AFEF-83CB37DDD143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.17:*:*:*:*:*:*:*",
"matchCriteriaId": "AD5AC2F3-591D-479C-9675-4D805A518B55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.18:*:*:*:*:*:*:*",
"matchCriteriaId": "3F4491F3-3444-4FDF-B5BE-2B122E85372D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.19:*:*:*:*:*:*:*",
"matchCriteriaId": "DB9F4D77-D462-4ACD-B398-C0B246743436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "30815053-E2D2-4D80-A98F-A439A8390DAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "E1458538-C8F6-4B15-A9BC-A991FB96E58C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "5625759C-0695-44AD-BF4D-B52C8783CF7B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "0559B21D-AB40-4F99-87DA-0792A198FE9F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "44C1AC64-7048-4B92-A5EC-1267EB639B97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.25:*:*:*:*:*:*:*",
"matchCriteriaId": "3BC97B2F-08DD-418D-B811-DDD0B886F3B6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.26:*:*:*:*:*:*:*",
"matchCriteriaId": "59503E54-2D6E-4116-A54D-857729AEFC4F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.27:*:*:*:*:*:*:*",
"matchCriteriaId": "5970F4D6-D6F9-48D9-A720-C0B48946A265",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*",
"matchCriteriaId": "EB477AFB-EA39-4892-B772-586CF6D2D235",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.29:*:*:*:*:*:*:*",
"matchCriteriaId": "8FBF3D87-0F47-4EF1-BD1F-3F8AEB54D759",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.30:*:*:*:*:*:*:*",
"matchCriteriaId": "DADE8586-71C7-43E7-92FA-11810376E987",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.31:*:*:*:*:*:*:*",
"matchCriteriaId": "C24F551C-B514-4598-8B17-312F739402D3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*",
"matchCriteriaId": "B35906CD-038E-4243-8A95-F0A3A43F06F7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.33:*:*:*:*:*:*:*",
"matchCriteriaId": "01BB22DE-1350-41BF-8C3D-B05458A45FB5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.34:*:*:*:*:*:*:*",
"matchCriteriaId": "BD008916-D0D6-4FC0-AAB0-5A3F11027E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*",
"matchCriteriaId": "B940BB85-03F5-46D7-8DC9-2E1E228D3D98",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*",
"matchCriteriaId": "82139FFA-2779-4732-AFA5-4E6E19775899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*",
"matchCriteriaId": "B7F717E6-BACD-4C8A-A9C5-516ADA6FEE6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*",
"matchCriteriaId": "08AB120B-2FEC-4EB3-9777-135D81E809AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*",
"matchCriteriaId": "1C7FF669-12E0-4A73-BBA7-250D109148C5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*",
"matchCriteriaId": "5AB7B1F1-7202-445D-9F96-135DC0AFB1E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*",
"matchCriteriaId": "BCB7EE53-187E-40A9-9865-0F3EDA2B5A4C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*",
"matchCriteriaId": "9D06AE8A-9BA8-4AA8-ACEA-326CD001E879",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*",
"matchCriteriaId": "2FC1A04B-0466-48AD-89F3-1F2EF1DEBE6A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*",
"matchCriteriaId": "19F34D08-430E-4331-A27D-667149425176",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*",
"matchCriteriaId": "248BDF2C-3E78-49D1-BD9C-60C09A441724",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*",
"matchCriteriaId": "BB0FDE3D-1509-4375-8703-0D174D70B22E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*",
"matchCriteriaId": "AFE732B5-00C9-4443-97E0-1DF21475C26B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*",
"matchCriteriaId": "C79C41D3-6894-4F2D-B8F8-82AB4780A824",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*",
"matchCriteriaId": "449A5647-CEA6-4314-9DB8-D086F388E1C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "B5A407B7-F432-48F0-916A-A49952F85CA6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "6B5AC769-D07D-43C7-B252-A5A812E7D58C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "ADF4DBF6-DAF0-47E7-863B-C48DB7149A78",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "F2F19D71-0A58-4B03-B351-596EB67ECF80",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5EBB3FF9-CF5A-4E7B-ACE3-A198343AD485",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*",
"matchCriteriaId": "D721FFB5-D6D3-4F60-8B09-B3AD07EE6D4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*",
"matchCriteriaId": "97E8F32E-C2E5-44E3-A920-F09AF919D372",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*",
"matchCriteriaId": "0CF37A82-49B6-45D4-B91D-FDA2D4463A0C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*",
"matchCriteriaId": "030D1767-2DF7-48E3-B462-4B49CA751B35",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*",
"matchCriteriaId": "5236DC61-5557-4C24-8F5B-F48548448588",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*",
"matchCriteriaId": "3B468F9B-2514-425C-9279-0FCAF73BBD18",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*",
"matchCriteriaId": "59FAFAD0-6B58-431B-BA90-CAE6C72844E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "67AD11FB-529C-404E-A13B-284F145322B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "733D62FE-180A-4AE8-9DBF-DA1DC18C1932",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "CCBBB7FE-35FC-4515-8393-5145339FCE4D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "F519633F-AB68-495A-B85E-FD41F9F752CA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "A894BED6-C97D-4DA4-A13D-9CB2B3306BC5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "34A847D1-5AD5-4EFD-B165-7602AFC1E656",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*",
"matchCriteriaId": "9AF3A0F5-4E5C-4278-9927-1F94F25CCAFC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*",
"matchCriteriaId": "AB63EBE5-CF14-491E-ABA5-67116DFE3E5B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*",
"matchCriteriaId": "8C2A33DE-F55F-4FD8-BB00-9C1E006CA65C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B1CF6394-95D9-42AF-A442-385EFF9CEFE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*",
"matchCriteriaId": "02B629FB-88C8-4E85-A137-28770F1E524E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*",
"matchCriteriaId": "03550EF0-DF89-42FE-BF0E-994514EBD947",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*",
"matchCriteriaId": "4886CCAB-6D4E-45C7-B177-2E8DBEA15531",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*",
"matchCriteriaId": "C35631AC-7C35-4F6A-A95A-3B080E5210ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*",
"matchCriteriaId": "6CED2BA6-BE5E-4EF1-88EB-0DADD23D2EEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*",
"matchCriteriaId": "A71F4154-AD20-4EEA-9E2E-D3385C357DA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server2.0a1:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C46F0F48-193A-4885-9BC0-1BA89829DD6E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server2.0a2:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AE2712B5-6002-43B8-81D9-4DB00BD3D502",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server2.0a3:*:*:*:*:*:*:*:*",
"matchCriteriaId": "74A571A2-3C21-4137-A099-FB50017BE7FC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server2.0a4:*:*:*:*:*:*:*:*",
"matchCriteriaId": "364B61B1-D841-459A-BDF2-9B5558768A5D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server2.0a5:*:*:*:*:*:*:*:*",
"matchCriteriaId": "058B5D4F-43A3-4304-A7C3-110E964312BB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server2.0a6:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0D64BE04-0D98-439D-9E91-E26B466E98E1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server2.0a7:*:*:*:*:*:*:*:*",
"matchCriteriaId": "38C899A1-550E-435F-A9DC-4F6846CBA2A8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server2.0a8:*:*:*:*:*:*:*:*",
"matchCriteriaId": "FA768FBC-91C7-49AA-8D59-0A853A007135",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:apache:http_server2.0a9:*:*:*:*:*:*:*:*",
"matchCriteriaId": "197CA84D-447E-43B1-B71F-71E92A5937A8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368."
},
{
"lang": "es",
"value": "El m\u00f3dulo mod_proxy en el servidor HTTP Apache v2.0.x hasta v2.0.64 y v2.2.x hasta v2.2.18, cuando la revisi\u00f3n 1179239 se realiza, no interact\u00faa con el uso de patrones de coincidencia (1) RewriteRule y (2) ProxyPassMatch para configuraci\u00f3n de un proxy inverso, lo que permite a atacantes remotos enviar peticiones a servidores de la intranet a trav\u00e9s de URI mal formadas que contienen el caracter \u0027@\u0027: caracter en una posici\u00f3n inv\u00e1lida. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2011-3368."
}
],
"id": "CVE-2011-3639",
"lastModified": "2024-11-21T01:30:54.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-11-30T04:05:58.437",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html"
},
{
"source": "secalert@redhat.com",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1188745"
},
{
"source": "secalert@redhat.com",
"url": "http://www.debian.org/security/2012/dsa-2405"
},
{
"source": "secalert@redhat.com",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.apache.org/viewvc?view=revision\u0026revision=1188745"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2012/dsa-2405"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}