CVE-2009-1191 — Improper Input Validation in Apache Http Server

CWE-20 — Improper Input Validation9 documents8 sources

Severity

5.0MEDIUMNVD

EPSS

12.0%

top 6.21%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Canonical Ubuntu Linux

Timeline

PublishedApr 23

Latest updateMay 2

Description

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDapache/http_server2.2.11

Also affects: Ubuntu Linux 6.06, 8.04, 8.10, 9.04

Patches

Patch: svn.apache.org ↗Patch: www.apache.org ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-h7v8-q79w-9jq6: mod_proxy_ajp↗2022-05-02

▶

OSV

CVE-2009-1191: mod_proxy_ajp↗2009-04-23

▶

CVEList

CVE-2009-1191: mod_proxy_ajp↗2009-04-23

▶

📋Vendor Advisories

Ubuntu

Apache vulnerabilities↗2009-06-11

▶

Red Hat

httpd mod_proxy_ajp information disclosure↗2009-04-21

▶

Debian

CVE-2009-1191: apache2 - mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 all...↗2009

▶

💬Community

Bugzilla

CVE-2009-1191 httpd mod_proxy_ajp information disclosure↗2009-05-26

▶

Bugzilla

CVE-2009-1191 httpd mod_proxy_ajp information disclosure↗2009-04-21

▶