mirror of
https://github.com/CVEProject/cvelist.git
synced 2025-08-04 08:44:25 +00:00
168 lines
5.8 KiB
JSON
168 lines
5.8 KiB
JSON
{
|
|
"CVE_data_meta" : {
|
|
"ASSIGNER" : "cve@mitre.org",
|
|
"ID" : "CVE-2011-4317",
|
|
"STATE" : "PUBLIC"
|
|
},
|
|
"affects" : {
|
|
"vendor" : {
|
|
"vendor_data" : [
|
|
{
|
|
"product" : {
|
|
"product_data" : [
|
|
{
|
|
"product_name" : "n/a",
|
|
"version" : {
|
|
"version_data" : [
|
|
{
|
|
"version_value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
}
|
|
]
|
|
},
|
|
"vendor_name" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
},
|
|
"data_format" : "MITRE",
|
|
"data_type" : "CVE",
|
|
"data_version" : "4.0",
|
|
"description" : {
|
|
"description_data" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368."
|
|
}
|
|
]
|
|
},
|
|
"problemtype" : {
|
|
"problemtype_data" : [
|
|
{
|
|
"description" : [
|
|
{
|
|
"lang" : "eng",
|
|
"value" : "n/a"
|
|
}
|
|
]
|
|
}
|
|
]
|
|
},
|
|
"references" : {
|
|
"reference_data" : [
|
|
{
|
|
"name" : "https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue",
|
|
"refsource" : "MISC",
|
|
"url" : "https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue"
|
|
},
|
|
{
|
|
"name" : "http://thread.gmane.org/gmane.comp.apache.devel/46440",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://thread.gmane.org/gmane.comp.apache.devel/46440"
|
|
},
|
|
{
|
|
"name" : "https://bugzilla.redhat.com/show_bug.cgi?id=756483",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "https://bugzilla.redhat.com/show_bug.cgi?id=756483"
|
|
},
|
|
{
|
|
"name" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html"
|
|
},
|
|
{
|
|
"name" : "http://support.apple.com/kb/HT5501",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://support.apple.com/kb/HT5501"
|
|
},
|
|
{
|
|
"name" : "http://kb.juniper.net/JSA10585",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://kb.juniper.net/JSA10585"
|
|
},
|
|
{
|
|
"name" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html",
|
|
"refsource" : "CONFIRM",
|
|
"url" : "http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html"
|
|
},
|
|
{
|
|
"name" : "APPLE-SA-2012-09-19-2",
|
|
"refsource" : "APPLE",
|
|
"url" : "http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html"
|
|
},
|
|
{
|
|
"name" : "DSA-2405",
|
|
"refsource" : "DEBIAN",
|
|
"url" : "http://www.debian.org/security/2012/dsa-2405"
|
|
},
|
|
{
|
|
"name" : "HPSBMU02786",
|
|
"refsource" : "HP",
|
|
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
|
|
},
|
|
{
|
|
"name" : "SSRT100877",
|
|
"refsource" : "HP",
|
|
"url" : "http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041"
|
|
},
|
|
{
|
|
"name" : "HPSBOV02822",
|
|
"refsource" : "HP",
|
|
"url" : "http://marc.info/?l=bugtraq&m=134987041210674&w=2"
|
|
},
|
|
{
|
|
"name" : "SSRT100966",
|
|
"refsource" : "HP",
|
|
"url" : "http://marc.info/?l=bugtraq&m=134987041210674&w=2"
|
|
},
|
|
{
|
|
"name" : "HPSBMU02748",
|
|
"refsource" : "HP",
|
|
"url" : "http://marc.info/?l=bugtraq&m=133294460209056&w=2"
|
|
},
|
|
{
|
|
"name" : "SSRT100772",
|
|
"refsource" : "HP",
|
|
"url" : "http://marc.info/?l=bugtraq&m=133294460209056&w=2"
|
|
},
|
|
{
|
|
"name" : "MDVSA-2012:003",
|
|
"refsource" : "MANDRIVA",
|
|
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2012:003"
|
|
},
|
|
{
|
|
"name" : "MDVSA-2013:150",
|
|
"refsource" : "MANDRIVA",
|
|
"url" : "http://www.mandriva.com/security/advisories?name=MDVSA-2013:150"
|
|
},
|
|
{
|
|
"name" : "RHSA-2012:0128",
|
|
"refsource" : "REDHAT",
|
|
"url" : "http://rhn.redhat.com/errata/RHSA-2012-0128.html"
|
|
},
|
|
{
|
|
"name" : "openSUSE-SU-2013:0243",
|
|
"refsource" : "SUSE",
|
|
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html"
|
|
},
|
|
{
|
|
"name" : "openSUSE-SU-2013:0248",
|
|
"refsource" : "SUSE",
|
|
"url" : "http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html"
|
|
},
|
|
{
|
|
"name" : "1026353",
|
|
"refsource" : "SECTRACK",
|
|
"url" : "http://www.securitytracker.com/id?1026353"
|
|
},
|
|
{
|
|
"name" : "48551",
|
|
"refsource" : "SECUNIA",
|
|
"url" : "http://secunia.com/advisories/48551"
|
|
}
|
|
]
|
|
}
|
|
}
|