Security Database IT Watching - Alert Detail

SECURITY DATABASE

SDCON :

(Medium)

INTERNAL RELATED (Quick)

Related
USN-787-1	(High)
MDVSA-2009:323	(High)
MDVSA-2009:102	(Medium)
GLSA-200907-04	(Medium)

OTHER

Report an error

OPEN STANDARDS

VENDOR DATABASE

INFORMATION

Name	:	CVE-2009-1191	First Publication	:	2009-04-23
Severity	:	Medium	Last Modification	:	2010-08-21

SCORING CVSS v2

Cvss Base Score	:	5	Attack Range	:	Network
Cvss Impact Score	:	2.9	Attack Complexity	:	Low
Cvss Expoit Score	:	10	Authentification	:	None Required
Calculate full CVSS 2.0 Vectors scores

DETAIL

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

CWE COMMON WEAKNESS ENUMERATION

CWE-20 - Improper Input Validation

OVALID

oval:org.mitre.oval:def:8261, Apache 'mod_proxy_ajp' Information Disclosure Vulnerability

oval:org.mitre.oval:def:8550, Apache HTTP Server 2.2.x is installed on the system

CPE COMMON PLATFORM ENUMERATION

Application : Apache Apache http server
- cpe:/a:apache:apache_http_server:2.2.11

OPEN SOURCE VULNERABILTY DATABASE (OSVDB)

53921 : Apache HTTP Server mod_proxy_ajp Cross Thread/Session Information Disclosure.

SECONDARY(S) SOURCE(S)

Source : APPLE
Url : http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html

Source : BID
Url : http://www.securityfocus.com/bid/34663

Source : CONFIRM
Url : http://support.apple.com/kb/HT3937
Url : http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089
Url : http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff
Url : https://issues.apache.org/bugzilla/show_bug.cgi?id=46949

Source : GENTOO
Url : http://security.gentoo.org/glsa/glsa-200907-04.xml

Source : MANDRIVA
Url : http://www.mandriva.com/security/advisories?name=MDVSA-2009:102

Source : OSVDB
Url : http://osvdb.org/53921

Source : SECTRACK
Url : http://www.securitytracker.com/id?1022264

Source : SECUNIA
Url : http://secunia.com/advisories/34827
Url : http://secunia.com/advisories/35395
Url : http://secunia.com/advisories/35721

Source : UBUNTU
Url : http://www.ubuntu.com/usn/usn-787-1

Source : VUPEN
Url : http://www.vupen.com/english/advisories/2009/1147
Url : http://www.vupen.com/english/advisories/2009/3184

Source : XF
Url : http://xforce.iss.net/xforce/xfdb/50059