CVE-2011-3348

CWE-400 — Uncontrolled Resource Consumption9 documents9 sources

Severity

4.3MEDIUM

EPSS

34.0%

top 3.03%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Http Server Redhat Jboss Enterprise WEB Server

Timeline

PublishedSep 20

Latest updateMay 13

Description

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages3 packages

▶NVDapache/http_server2.2.12 — 2.2.20

▶NVDredhat/jboss_enterprise_web_server1.0.0

▶Debianapache2< 2.2.21-1+3

🔴Vulnerability Details

GHSA

GHSA-vqqq-3xjq-cg84: The mod_proxy_ajp module in the Apache HTTP Server before 2↗2022-05-13

▶

OSV

CVE-2011-3348: The mod_proxy_ajp module in the Apache HTTP Server before 2↗2011-09-20

▶

CVEList

CVE-2011-3348: The mod_proxy_ajp module in the Apache HTTP Server before 2↗2011-09-19

▶

📋Vendor Advisories

Ubuntu

Apache vulnerabilities↗2011-11-11

▶

Red Hat

httpd: mod_proxy_ajp remote temporary DoS↗2011-09-14

▶

Debian

CVE-2011-3348: apache2 - The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with...↗2011

▶

Apache

Apache httpd: CVE-2011-3348↗

▶

💬Community

Bugzilla

CVE-2011-3348 httpd: mod_proxy_ajp remote temporary DoS↗2011-09-08

▶