CVE-2011-3348
published 2011-09-20CVE-2011-3348: The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause…
medium4.3CVSS 3.1
AVNACMAuNCNINAP
The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apache | http_server | 2.2.12 – 2.2.20 | — |
| apache | httpd | — | — |
| debian | apache2 | < apache2 2.2.21-1 (bookworm) | apache2 2.2.21-1 (bookworm) |
| redhat | jboss_enterprise_web_server | — | — |
CVSS provenance
nvd4.3MEDIUMAV:N/AC:M/Au:N/C:N/I:N/A:P
osv4.3MEDIUM