Vulnerability-Lookup

RHSA-2009_1058

Vulnerability from csaf_redhat - Published: 2009-05-20 18:30 - Updated: 2024-11-22 02:43

Summary

Red Hat Security Advisory: httpd security update

Severity

Important

Notes

Topic: Updated httpd packages that fix a security issue in mod_proxy_ajp are now available for JBoss Enterprise Web Server 1.0.0. This update has been rated as having important security impact by the Red Hat Security Response Team.

Details: The Apache HTTP Server is a popular Web server. The Apache mod_proxy_ajp module provides Apache JServ Protocol (AJP) support to the Apache mod_proxy module. An information disclosure flaw was found in mod_proxy_ajp. In certain situations, if a user sent a carefully crafted HTTP request, the httpd server could return a response intended for another user. (CVE-2009-1191) Users are advised to upgrade to these updated packages, which resolve this issue. Users must restart httpd for this update to take effect.

Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

CVE-2009-1191

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

5.0 ()


                        
                          AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected products

Fixed 43 products

Product	Version	Remediation
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.src	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.src	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.i386	—	Vendor Fix fix
Unresolved product id: 4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.src	—	Vendor Fix fix
Unresolved product id: 5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-4.ep5.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-4.ep5.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-4.ep5.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-4.ep5.el5.x86_64	—	Vendor Fix fix
Unresolved product id: 5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-4.ep5.el5.i386	—	Vendor Fix fix
Unresolved product id: 5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-4.ep5.el5.x86_64	—	Vendor Fix fix

Threats

Impact Important

References

8 references

URL	Category
https://access.redhat.com/errata/RHSA-2009:1058	self
https://access.redhat.com/security/updates/classi…	external
https://bugzilla.redhat.com/show_bug.cgi?id=496801	external
https://security.access.redhat.com/data/csaf/v2/a…	self
https://access.redhat.com/security/cve/CVE-2009-1191	self
https://bugzilla.redhat.com/show_bug.cgi?id=496801	external
https://www.cve.org/CVERecord?id=CVE-2009-1191	external
https://nvd.nist.gov/vuln/detail/CVE-2009-1191	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Updated httpd packages that fix a security issue in mod_proxy_ajp are now\navailable for JBoss Enterprise Web Server 1.0.0.\n\nThis update has been rated as having important security impact by the Red\nHat Security Response Team.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "The Apache HTTP Server is a popular Web server. The Apache mod_proxy_ajp\nmodule provides Apache JServ Protocol (AJP) support to the Apache mod_proxy\nmodule.\n\nAn information disclosure flaw was found in mod_proxy_ajp. In certain\nsituations, if a user sent a carefully crafted HTTP request, the httpd\nserver could return a response intended for another user. (CVE-2009-1191)\n\nUsers are advised to upgrade to these updated packages, which resolve this\nissue. Users must restart httpd for this update to take effect.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2009:1058",
        "url": "https://access.redhat.com/errata/RHSA-2009:1058"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#important",
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "category": "external",
        "summary": "496801",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496801"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2009/rhsa-2009_1058.json"
      }
    ],
    "title": "Red Hat Security Advisory: httpd security update",
    "tracking": {
      "current_release_date": "2024-11-22T02:43:25+00:00",
      "generator": {
        "date": "2024-11-22T02:43:25+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2009:1058",
      "initial_release_date": "2009-05-20T18:30:00+00:00",
      "revision_history": [
        {
          "date": "2009-05-20T18:30:00+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2009-05-20T14:30:43+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T02:43:25+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
                "product": {
                  "name": "Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
                  "product_id": "5Server-JBEWS-5.0.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
                "product": {
                  "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
                  "product_id": "4AS-JBEWS-5.0.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
                "product": {
                  "name": "Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
                  "product_id": "4ES-JBEWS-5.0.0",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1::el4"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat JBoss Web Server"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-0:2.2.10-4.ep5.el5.src",
                "product": {
                  "name": "httpd-0:2.2.10-4.ep5.el5.src",
                  "product_id": "httpd-0:2.2.10-4.ep5.el5.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.2.10-4.ep5.el5?arch=src"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-0:2.2.10-16.1.ep5.el4.src",
                "product": {
                  "name": "httpd22-0:2.2.10-16.1.ep5.el4.src",
                  "product_id": "httpd22-0:2.2.10-16.1.ep5.el4.src",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22@2.2.10-16.1.ep5.el4?arch=src"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "src"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-0:2.2.10-4.ep5.el5.x86_64",
                "product": {
                  "name": "httpd-0:2.2.10-4.ep5.el5.x86_64",
                  "product_id": "httpd-0:2.2.10-4.ep5.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.2.10-4.ep5.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-manual-0:2.2.10-4.ep5.el5.x86_64",
                "product": {
                  "name": "httpd-manual-0:2.2.10-4.ep5.el5.x86_64",
                  "product_id": "httpd-manual-0:2.2.10-4.ep5.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-manual@2.2.10-4.ep5.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl-1:2.2.10-4.ep5.el5.x86_64",
                "product": {
                  "name": "mod_ssl-1:2.2.10-4.ep5.el5.x86_64",
                  "product_id": "mod_ssl-1:2.2.10-4.ep5.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl@2.2.10-4.ep5.el5?arch=x86_64\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-devel-0:2.2.10-4.ep5.el5.x86_64",
                "product": {
                  "name": "httpd-devel-0:2.2.10-4.ep5.el5.x86_64",
                  "product_id": "httpd-devel-0:2.2.10-4.ep5.el5.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-devel@2.2.10-4.ep5.el5?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64",
                "product": {
                  "name": "httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_id": "httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22-apr@2.2.10-16.1.ep5.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64",
                "product": {
                  "name": "httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_id": "httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22-devel@2.2.10-16.1.ep5.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-0:2.2.10-16.1.ep5.el4.x86_64",
                "product": {
                  "name": "httpd22-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_id": "httpd22-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22@2.2.10-16.1.ep5.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64",
                "product": {
                  "name": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_id": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22-apr-util@2.2.10-16.1.ep5.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64",
                "product": {
                  "name": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_id": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-16.1.ep5.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64",
                "product": {
                  "name": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_id": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-16.1.ep5.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64",
                "product": {
                  "name": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_id": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-16.1.ep5.el4?arch=x86_64"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64",
                "product": {
                  "name": "mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64",
                  "product_id": "mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl22@2.2.10-16.1.ep5.el4?arch=x86_64\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "httpd-0:2.2.10-4.ep5.el5.i386",
                "product": {
                  "name": "httpd-0:2.2.10-4.ep5.el5.i386",
                  "product_id": "httpd-0:2.2.10-4.ep5.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd@2.2.10-4.ep5.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-manual-0:2.2.10-4.ep5.el5.i386",
                "product": {
                  "name": "httpd-manual-0:2.2.10-4.ep5.el5.i386",
                  "product_id": "httpd-manual-0:2.2.10-4.ep5.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-manual@2.2.10-4.ep5.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl-1:2.2.10-4.ep5.el5.i386",
                "product": {
                  "name": "mod_ssl-1:2.2.10-4.ep5.el5.i386",
                  "product_id": "mod_ssl-1:2.2.10-4.ep5.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl@2.2.10-4.ep5.el5?arch=i386\u0026epoch=1"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd-devel-0:2.2.10-4.ep5.el5.i386",
                "product": {
                  "name": "httpd-devel-0:2.2.10-4.ep5.el5.i386",
                  "product_id": "httpd-devel-0:2.2.10-4.ep5.el5.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd-devel@2.2.10-4.ep5.el5?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-apr-0:2.2.10-16.1.ep5.el4.i386",
                "product": {
                  "name": "httpd22-apr-0:2.2.10-16.1.ep5.el4.i386",
                  "product_id": "httpd22-apr-0:2.2.10-16.1.ep5.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22-apr@2.2.10-16.1.ep5.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-devel-0:2.2.10-16.1.ep5.el4.i386",
                "product": {
                  "name": "httpd22-devel-0:2.2.10-16.1.ep5.el4.i386",
                  "product_id": "httpd22-devel-0:2.2.10-16.1.ep5.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22-devel@2.2.10-16.1.ep5.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-0:2.2.10-16.1.ep5.el4.i386",
                "product": {
                  "name": "httpd22-0:2.2.10-16.1.ep5.el4.i386",
                  "product_id": "httpd22-0:2.2.10-16.1.ep5.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22@2.2.10-16.1.ep5.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386",
                "product": {
                  "name": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386",
                  "product_id": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22-apr-util@2.2.10-16.1.ep5.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386",
                "product": {
                  "name": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386",
                  "product_id": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22-apr-devel@2.2.10-16.1.ep5.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386",
                "product": {
                  "name": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386",
                  "product_id": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22-apr-util-devel@2.2.10-16.1.ep5.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386",
                "product": {
                  "name": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386",
                  "product_id": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/httpd22-debuginfo@2.2.10-16.1.ep5.el4?arch=i386"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "mod_ssl22-1:2.2.10-16.1.ep5.el4.i386",
                "product": {
                  "name": "mod_ssl22-1:2.2.10-16.1.ep5.el4.i386",
                  "product_id": "mod_ssl22-1:2.2.10-16.1.ep5.el4.i386",
                  "product_identification_helper": {
                    "purl": "pkg:rpm/redhat/mod_ssl22@2.2.10-16.1.ep5.el4?arch=i386\u0026epoch=1"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "i386"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-0:2.2.10-16.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.src"
        },
        "product_reference": "httpd22-0:2.2.10-16.1.ep5.el4.src",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-apr-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-devel-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-devel-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl22-1:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "mod_ssl22-1:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 AS",
          "product_id": "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4AS-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-0:2.2.10-16.1.ep5.el4.src as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.src"
        },
        "product_reference": "httpd22-0:2.2.10-16.1.ep5.el4.src",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-apr-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-devel-0:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "httpd22-devel-0:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl22-1:2.2.10-16.1.ep5.el4.i386 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.i386"
        },
        "product_reference": "mod_ssl22-1:2.2.10-16.1.ep5.el4.i386",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64 as a component of Red Hat JBoss Web Server 1.0 for RHEL 4 ES",
          "product_id": "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64"
        },
        "product_reference": "mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64",
        "relates_to_product_reference": "4ES-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-0:2.2.10-4.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.i386"
        },
        "product_reference": "httpd-0:2.2.10-4.ep5.el5.i386",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-0:2.2.10-4.ep5.el5.src as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.src"
        },
        "product_reference": "httpd-0:2.2.10-4.ep5.el5.src",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-0:2.2.10-4.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.x86_64"
        },
        "product_reference": "httpd-0:2.2.10-4.ep5.el5.x86_64",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-devel-0:2.2.10-4.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-4.ep5.el5.i386"
        },
        "product_reference": "httpd-devel-0:2.2.10-4.ep5.el5.i386",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-devel-0:2.2.10-4.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-4.ep5.el5.x86_64"
        },
        "product_reference": "httpd-devel-0:2.2.10-4.ep5.el5.x86_64",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-manual-0:2.2.10-4.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-4.ep5.el5.i386"
        },
        "product_reference": "httpd-manual-0:2.2.10-4.ep5.el5.i386",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "httpd-manual-0:2.2.10-4.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-4.ep5.el5.x86_64"
        },
        "product_reference": "httpd-manual-0:2.2.10-4.ep5.el5.x86_64",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl-1:2.2.10-4.ep5.el5.i386 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-4.ep5.el5.i386"
        },
        "product_reference": "mod_ssl-1:2.2.10-4.ep5.el5.i386",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "mod_ssl-1:2.2.10-4.ep5.el5.x86_64 as a component of Red Hat JBoss Enterprise Web Server 1 for RHEL 5 Server",
          "product_id": "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-4.ep5.el5.x86_64"
        },
        "product_reference": "mod_ssl-1:2.2.10-4.ep5.el5.x86_64",
        "relates_to_product_reference": "5Server-JBEWS-5.0.0"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2009-1191",
      "discovery_date": "2009-03-05T00:00:00+00:00",
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "496801"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "httpd mod_proxy_ajp information disclosure",
          "title": "Vulnerability summary"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.i386",
          "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.src",
          "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.x86_64",
          "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.i386",
          "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64",
          "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386",
          "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64",
          "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386",
          "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64",
          "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386",
          "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64",
          "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386",
          "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64",
          "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.i386",
          "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64",
          "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.i386",
          "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64",
          "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.i386",
          "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.src",
          "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.x86_64",
          "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.i386",
          "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64",
          "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386",
          "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64",
          "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386",
          "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64",
          "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386",
          "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64",
          "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386",
          "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64",
          "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.i386",
          "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64",
          "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.i386",
          "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64",
          "5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.i386",
          "5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.src",
          "5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.x86_64",
          "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-4.ep5.el5.i386",
          "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-4.ep5.el5.x86_64",
          "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-4.ep5.el5.i386",
          "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-4.ep5.el5.x86_64",
          "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-4.ep5.el5.i386",
          "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-4.ep5.el5.x86_64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2009-1191"
        },
        {
          "category": "external",
          "summary": "RHBZ#496801",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=496801"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2009-1191",
          "url": "https://www.cve.org/CVERecord?id=CVE-2009-1191"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2009-1191",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2009-1191"
        }
      ],
      "release_date": "2009-04-21T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2009-05-20T18:30:00+00:00",
          "details": "Before applying this update, make sure that all previously-released\nerrata relevant to your system have been applied.\n\nThis update is available via Red Hat Network.  Details on how to use\nthe Red Hat Network to apply this update are available at\nhttp://kbase.redhat.com/faq/docs/DOC-11259",
          "product_ids": [
            "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.src",
            "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.src",
            "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64",
            "5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.i386",
            "5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.src",
            "5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.x86_64",
            "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-4.ep5.el5.i386",
            "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-4.ep5.el5.x86_64",
            "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-4.ep5.el5.i386",
            "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-4.ep5.el5.x86_64",
            "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-4.ep5.el5.i386",
            "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-4.ep5.el5.x86_64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2009:1058"
        }
      ],
      "scores": [
        {
          "cvss_v2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 5.0,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "products": [
            "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.src",
            "4AS-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64",
            "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.i386",
            "4AS-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.src",
            "4ES-JBEWS-5.0.0:httpd22-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-apr-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-apr-devel-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-apr-util-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-debuginfo-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:httpd22-devel-0:2.2.10-16.1.ep5.el4.x86_64",
            "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.i386",
            "4ES-JBEWS-5.0.0:mod_ssl22-1:2.2.10-16.1.ep5.el4.x86_64",
            "5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.i386",
            "5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.src",
            "5Server-JBEWS-5.0.0:httpd-0:2.2.10-4.ep5.el5.x86_64",
            "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-4.ep5.el5.i386",
            "5Server-JBEWS-5.0.0:httpd-devel-0:2.2.10-4.ep5.el5.x86_64",
            "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-4.ep5.el5.i386",
            "5Server-JBEWS-5.0.0:httpd-manual-0:2.2.10-4.ep5.el5.x86_64",
            "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-4.ep5.el5.i386",
            "5Server-JBEWS-5.0.0:mod_ssl-1:2.2.10-4.ep5.el5.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Important"
        }
      ],
      "title": "httpd mod_proxy_ajp information disclosure"
    }
  ]
}

CVE-2009-1191 (GCVE-0-2009-1191)

Vulnerability from cvelistv5 – Published: 2009-04-23 17:00 – Updated: 2024-08-07 05:04

Summary

Severity ?

No CVSS data available.

CWE

Assigner

redhat

References

33 references

URL	Tags
http://www.securityfocus.com/bid/34663	vdb-entryx_refsource_BID
http://www.apache.org/dist/httpd/patches/apply_to…	x_refsource_CONFIRM
http://secunia.com/advisories/35395	third-party-advisoryx_refsource_SECUNIA
https://exchange.xforce.ibmcloud.com/vulnerabilit…	vdb-entryx_refsource_XF
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
http://www.vupen.com/english/advisories/2009/1147	vdb-entryx_refsource_VUPEN
http://security.gentoo.org/glsa/glsa-200907-04.xml	vendor-advisoryx_refsource_GENTOO
https://oval.cisecurity.org/repository/search/def…	vdb-entrysignaturex_refsource_OVAL
http://www.vupen.com/english/advisories/2009/3184	vdb-entryx_refsource_VUPEN
http://osvdb.org/53921	vdb-entryx_refsource_OSVDB
http://www.securitytracker.com/id?1022264	vdb-entryx_refsource_SECTRACK
https://issues.apache.org/bugzilla/show_bug.cgi?i…	x_refsource_CONFIRM
http://secunia.com/advisories/34827	third-party-advisoryx_refsource_SECUNIA
http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
http://svn.apache.org/viewvc/httpd/httpd/trunk/CH…	x_refsource_CONFIRM
http://secunia.com/advisories/35721	third-party-advisoryx_refsource_SECUNIA
http://support.apple.com/kb/HT3937	x_refsource_CONFIRM
http://www.ubuntu.com/usn/usn-787-1	vendor-advisoryx_refsource_UBUNTU
https://lists.apache.org/thread.html/8d63cb8e9100…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/f7f95ac1cd98…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r57608dc51b7…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rfbaf647d52c…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rf6449464fd8…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r7dd6be4dc38…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9ea3538f229…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r84d043c2115…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rdca61ae9906…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r9f93cf6dde3…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rc4c53a0d57b…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/rad01d817195…	mailing-listx_refsource_MLIST
https://lists.apache.org/thread.html/r75cbe9ea3e2…	mailing-listx_refsource_MLIST

Date Public ?

2009-04-21 00:00

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T05:04:49.027Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "34663",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/34663"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff"
          },
          {
            "name": "35395",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35395"
          },
          {
            "name": "apache-modproxyajp-information-disclosure(50059)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50059"
          },
          {
            "name": "MDVSA-2009:102",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:102"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
          },
          {
            "name": "ADV-2009-1147",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/1147"
          },
          {
            "name": "GLSA-200907-04",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200907-04.xml"
          },
          {
            "name": "oval:org.mitre.oval:def:8261",
            "tags": [
              "vdb-entry",
              "signature",
              "x_refsource_OVAL",
              "x_transferred"
            ],
            "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8261"
          },
          {
            "name": "ADV-2009-3184",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2009/3184"
          },
          {
            "name": "53921",
            "tags": [
              "vdb-entry",
              "x_refsource_OSVDB",
              "x_transferred"
            ],
            "url": "http://osvdb.org/53921"
          },
          {
            "name": "1022264",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1022264"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=46949"
          },
          {
            "name": "34827",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/34827"
          },
          {
            "name": "APPLE-SA-2009-11-09-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
          },
          {
            "name": "MDVSA-2013:150",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938\u0026r2=767089"
          },
          {
            "name": "35721",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/35721"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3937"
          },
          {
            "name": "USN-787-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/usn-787-1"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
          },
          {
            "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-04-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-06-06T10:07:22.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "name": "34663",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/34663"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff"
        },
        {
          "name": "35395",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35395"
        },
        {
          "name": "apache-modproxyajp-information-disclosure(50059)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50059"
        },
        {
          "name": "MDVSA-2009:102",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2009:102"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html"
        },
        {
          "name": "ADV-2009-1147",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/1147"
        },
        {
          "name": "GLSA-200907-04",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200907-04.xml"
        },
        {
          "name": "oval:org.mitre.oval:def:8261",
          "tags": [
            "vdb-entry",
            "signature",
            "x_refsource_OVAL"
          ],
          "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8261"
        },
        {
          "name": "ADV-2009-3184",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2009/3184"
        },
        {
          "name": "53921",
          "tags": [
            "vdb-entry",
            "x_refsource_OSVDB"
          ],
          "url": "http://osvdb.org/53921"
        },
        {
          "name": "1022264",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1022264"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://issues.apache.org/bugzilla/show_bug.cgi?id=46949"
        },
        {
          "name": "34827",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/34827"
        },
        {
          "name": "APPLE-SA-2009-11-09-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html"
        },
        {
          "name": "MDVSA-2013:150",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938\u0026r2=767089"
        },
        {
          "name": "35721",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/35721"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3937"
        },
        {
          "name": "USN-787-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/usn-787-1"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048743 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20190815 svn commit: r1048742 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058586 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20200401 svn commit: r1058587 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/vulnerabilities-httpd.xml security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1888194 [5/13] - /httpd/site/trunk/content/security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073140 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073139 [5/13] - in /websites/staging/httpd/trunk/content: ./ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073146 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/cvejsontohtml.py security/vulnerabilities-httpd.xml security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [1/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210330 svn commit: r1073149 [6/13] - in /websites/staging/httpd/trunk/content: ./ security/ security/json/",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210603 svn commit: r1075360 [2/3] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2021-31618.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E"
        },
        {
          "name": "[httpd-cvs] 20210606 svn commit: r1075470 [3/4] - in /websites/staging/httpd/trunk/content: ./ security/json/CVE-2020-13938.json security/vulnerabilities_13.html security/vulnerabilities_20.html security/vulnerabilities_22.html security/vulnerabilities_24.html",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2009-1191",
    "datePublished": "2009-04-23T17:00:00.000Z",
    "dateReserved": "2009-03-31T00:00:00.000Z",
    "dateUpdated": "2024-08-07T05:04:49.027Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2009_1058

CVE-2009-1191 (GCVE-0-2009-1191)

Tags

Sightings

Nomenclature