CVE-2011-3639

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

CVSS v2.0 4.3 MEDIUM

4.3^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:P/A:N

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://bugzilla.redhat.com/show_bug.cgi?id=752080
http://svn.apache.org/viewvc?view=revision&revision=1188745
http://rhn.redhat.com/errata/RHSA-2012-0128.html
http://www.debian.org/security/2012/dsa-2405

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:apache:http_server:2.0.42:::::::*
	cpe:2.3:a:apache:http_server:2.0.58:::::::*
	cpe:2.3:a:apache:http_server:2.2.11:::::::*
	cpe:2.3:a:apache:http_server:2.2.0:::::::*
	cpe:2.3:a:apache:http_server:2.2.10:::::::*
	cpe:2.3:a:apache:http_server:2.2.13:::::::*
	cpe:2.3:a:apache:http_server:2.0.47:::::::*
	cpe:2.3:a:apache:http_server:2.0.56:::::::*
	cpe:2.3:a:apache:http_server:2.0.50:::::::*
	cpe:2.3:a:apache:http_server:2.0.27:::::::*
	cpe:2.3:a:apache:http_server:2.2.2:::::::*
	cpe:2.3:a:apache:http_server:2.0.12:::::::*
	cpe:2.3:a:apache:http_server:2.0.20:::::::*
	cpe:2.3:a:apache:http_server2.0a9::::::::
	cpe:2.3:a:apache:http_server:2.2.4:::::::*
	cpe:2.3:a:apache:http_server:2.0.35:::::::*
	cpe:2.3:a:apache:http_server:2.0.37:::::::*
	cpe:2.3:a:apache:http_server:2.0.55:::::::*
	cpe:2.3:a:apache:http_server:2.2.17:::::::*
	cpe:2.3:a:apache:http_server:2.0.44:::::::*
	cpe:2.3:a:apache:http_server:2.2.16:::::::*
	cpe:2.3:a:apache:http_server:2.0.39:::::::*
	cpe:2.3:a:apache:http_server:2.0.18:::::::*
	cpe:2.3:a:apache:http_server:2.0.25:::::::*
	cpe:2.3:a:apache:http_server:2.2.8:::::::*
	cpe:2.3:a:apache:http_server:2.0.52:::::::*
	cpe:2.3:a:apache:http_server2.0a7::::::::
	cpe:2.3:a:apache:http_server:2.0.21:::::::*
	cpe:2.3:a:apache:http_server:2.0.53:::::::*
	cpe:2.3:a:apache:http_server:2.0.57:::::::*
	cpe:2.3:a:apache:http_server:2.0.51:::::::*
	cpe:2.3:a:apache:http_server:2.0.33:::::::*
	cpe:2.3:a:apache:http_server:2.0.17:::::::*
	cpe:2.3:a:apache:http_server:2.0.63:::::::*
	cpe:2.3:a:apache:http_server:2.2.14:::::::*
	cpe:2.3:a:apache:http_server:2.0.22:::::::*
	cpe:2.3:a:apache:http_server:2.0.15:::::::*
	cpe:2.3:a:apache:http_server:2.0.41:::::::*
	cpe:2.3:a:apache:http_server:2.0.49:::::::*
	cpe:2.3:a:apache:http_server:2.0.29:::::::*
	cpe:2.3:a:apache:http_server:2.0.26:::::::*
	cpe:2.3:a:apache:http_server2.0a8::::::::
	cpe:2.3:a:apache:http_server:2.0.23:::::::*
	cpe:2.3:a:apache:http_server2.0a2::::::::
	cpe:2.3:a:apache:http_server:2.0.61:::::::*
	cpe:2.3:a:apache:http_server:2.2.6:::::::*
	cpe:2.3:a:apache:http_server:2.0.32:::::::*
	cpe:2.3:a:apache:http_server:2.0.34:::::::*
	cpe:2.3:a:apache:http_server2.0a5::::::::
	cpe:2.3:a:apache:http_server2.0a3::::::::
	cpe:2.3:a:apache:http_server:2.0.38:::::::*
	cpe:2.3:a:apache:http_server:2.0.19:::::::*
	cpe:2.3:a:apache:http_server:2.2.9:::::::*
	cpe:2.3:a:apache:http_server2.0a4::::::::
	cpe:2.3:a:apache:http_server:2.0.24:::::::*
	cpe:2.3:a:apache:http_server:2.0.48:::::::*
	cpe:2.3:a:apache:http_server:2.0.16:::::::*
	cpe:2.3:a:apache:http_server:2.0.45:::::::*
	cpe:2.3:a:apache:http_server:2.2.12:::::::*
	cpe:2.3:a:apache:http_server:2.0.40:::::::*
	cpe:2.3:a:apache:http_server:2.0.36:::::::*
	cpe:2.3:a:apache:http_server2.0a6::::::::
	cpe:2.3:a:apache:http_server:2.2.3:::::::*
	cpe:2.3:a:apache:http_server:2.0.46:::::::*
cpe:2.3:a:apache:http_server:2.0.54:::::::*
cpe:2.3:a:apache:http_server:2.2.15:::::::*
cpe:2.3:a:apache:http_server:2.0.43:::::::*
cpe:2.3:a:apache:http_server:2.0.11:::::::*
cpe:2.3:a:apache:http_server:2.0.59:::::::*
cpe:2.3:a:apache:http_server:2.0.14:::::::*
cpe:2.3:a:apache:http_server:2.0.28:::::::*
cpe:2.3:a:apache:http_server:2.0.31:::::::*
cpe:2.3:a:apache:http_server2.0a1::::::::
cpe:2.3:a:apache:http_server:2.0.30:::::::*
cpe:2.3:a:apache:http_server:2.2.1:::::::*
cpe:2.3:a:apache:http_server:2.0.13:::::::*

Information

Published : 2011-11-29 20:05

Updated : 2023-02-12 20:32

NVD link : CVE-2011-3639

Mitre link : CVE-2011-3639

JSON object : View

CWE

CWE-20

Improper Input Validation

Products Affected

apache

http_server2.0a5
http_server2.0a9
http_server2.0a2
http_server2.0a6
http_server
http_server2.0a7
http_server2.0a4
http_server2.0a8
http_server2.0a1
http_server2.0a3

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080", "name": "https://bugzilla.redhat.com/show_bug.cgi?id=752080", "tags": [], "refsource": "CONFIRM"}, {"url": "http://svn.apache.org/viewvc?view=revision&revision=1188745", "name": "http://svn.apache.org/viewvc?view=revision&revision=1188745", "tags": [], "refsource": "CONFIRM"}, {"url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html", "name": "RHSA-2012:0128", "tags": [], "refsource": "REDHAT"}, {"url": "http://www.debian.org/security/2012/dsa-2405", "name": "DSA-2405", "tags": [], "refsource": "DEBIAN"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-20"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2011-3639", "ASSIGNER": "secalert@redhat.com"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "severity": "MEDIUM", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2011-11-30T04:05Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.27:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.20:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server2.0a9:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.18:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.25:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server2.0a7:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.21:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.33:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.17:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.22:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.29:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.26:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server2.0a8:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.23:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server2.0a2:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.34:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server2.0a5:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server2.0a3:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.19:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server2.0a4:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.24:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.16:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server2.0a6:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.11:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.14:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.31:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server2.0a1:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.30:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:apache:http_server:2.0.13:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2023-02-13T04:32Z"}

4.3 /10