Executive Summary

Informations
NameCVE-2011-3348First vendor Publication2011-09-20
VendorCveLast vendor Modification2017-12-28

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:N/A:P)
Cvss Base Score4.3Attack RangeNetwork
Cvss Impact Score2.9Attack ComplexityMedium
Cvss Expoit Score8.6AuthenticationNone Required
Calculate full CVSS 2.0 Vectors scores

Detail

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3348

CWE : Common Weakness Enumeration

%idName
100 %CWE-399Resource Management Errors

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:18154
 
Oval ID: oval:org.mitre.oval:def:18154
Title: Apache HTTP vulnerability before 2.2.21 in VisualSVN Server (CVE-2011-3348)
Description: The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
Family: windows Class: vulnerability
Reference(s): CVE-2011-3348
Version: 6
Platform(s): Microsoft Windows XP
Microsoft Windows Server 2003
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Microsoft Windows Server 2012
Product(s): VisualSVN Server
Definition Synopsis:
Definition Id: oval:org.mitre.oval:def:14941
 
Oval ID: oval:org.mitre.oval:def:14941
Title: HP-UX Apache Web Server, Remote Denial of Service (DoS)
Description: The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.
Family: unix Class: vulnerability
Reference(s): CVE-2011-3348
Version: 11
Platform(s): HP-UX 11
Product(s):
Definition Synopsis:

CPE : Common Platform Enumeration

TypeDescriptionCount
Application183

OpenVAS Exploits

DateDescription
2012-09-10Name : Slackware Advisory SSA:2011-284-01 httpd
File : nvt/esoft_slk_ssa_2011_284_01.nasl
2012-08-10Name : Gentoo Security Advisory GLSA 201206-25 (apache)
File : nvt/glsa_201206_25.nasl
2012-07-30Name : CentOS Update for httpd CESA-2012:0128 centos6
File : nvt/gb_CESA-2012_0128_httpd_centos6.nasl
2012-07-09Name : RedHat Update for httpd RHSA-2011:1391-01
File : nvt/gb_RHSA-2011_1391-01_httpd.nasl
2012-07-09Name : RedHat Update for httpd RHSA-2012:0128-01
File : nvt/gb_RHSA-2012_0128-01_httpd.nasl
2012-02-06Name : Mac OS X Multiple Vulnerabilities (2012-001)
File : nvt/gb_macosx_su12-001.nasl
2011-11-11Name : Ubuntu Update for apache2 USN-1259-1
File : nvt/gb_ubuntu_USN_1259_1.nasl
2011-11-11Name : Mandriva Update for apache MDVSA-2011:168 (apache)
File : nvt/gb_mandriva_MDVSA_2011_168.nasl
2011-09-16Name : Fedora Update for httpd FEDORA-2011-12715
File : nvt/gb_fedora_2011_12715_httpd_fc15.nasl

Open Source Vulnerability Database (OSVDB)

idDescription
75647Apache HTTP Server mod_proxy_ajp Module mod_proxy_balancer HTTP Request Remot...

Nessus® Vulnerability Scanner

DateDescription
2014-11-08Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0542.nasl - Type : ACT_GATHER_INFO
2014-10-12Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-9.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_3_apache2-111026.nasl - Type : ACT_GATHER_INFO
2014-06-13Name : The remote openSUSE host is missing a security update.
File : suse_11_4_apache2-111026.nasl - Type : ACT_GATHER_INFO
2013-09-04Name : The remote Amazon Linux AMI host is missing a security update.
File : ala_ALAS-2011-09.nasl - Type : ACT_GATHER_INFO
2013-08-11Name : The remote web server may be affected by multiple vulnerabilities.
File : oracle_http_server_cpu_jul_2013.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2011-1391.nasl - Type : ACT_GATHER_INFO
2013-07-12Name : The remote Oracle Linux host is missing one or more security updates.
File : oraclelinux_ELSA-2012-0128.nasl - Type : ACT_GATHER_INFO
2012-08-01Name : The remote Scientific Linux host is missing one or more security updates.
File : sl_20111020_httpd_on_SL6_x.nasl - Type : ACT_GATHER_INFO
2012-06-25Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-25.nasl - Type : ACT_GATHER_INFO
2012-04-20Name : The remote web server is affected by multiple vulnerabilities.
File : hpsmh_7_0_0_24.nasl - Type : ACT_GATHER_INFO
2012-02-16Name : The remote CentOS host is missing one or more security updates.
File : centos_RHSA-2012-0128.nasl - Type : ACT_GATHER_INFO
2012-02-14Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2012-0128.nasl - Type : ACT_GATHER_INFO
2012-02-02Name : The remote host is missing a Mac OS X update that fixes several security vuln...
File : macosx_10_7_3.nasl - Type : ACT_GATHER_INFO
2012-02-02Name : The remote host is missing a Mac OS X update that fixes multiple security vul...
File : macosx_SecUpd2012-001.nasl - Type : ACT_GATHER_INFO
2011-12-13Name : The remote SuSE 11 host is missing one or more security updates.
File : suse_11_apache2-111026.nasl - Type : ACT_GATHER_INFO
2011-11-11Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-1259-1.nasl - Type : ACT_GATHER_INFO
2011-11-10Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-168.nasl - Type : ACT_GATHER_INFO
2011-10-21Name : The remote Red Hat host is missing one or more security updates.
File : redhat-RHSA-2011-1391.nasl - Type : ACT_GATHER_INFO
2011-10-17Name : The remote Slackware host is missing a security update.
File : Slackware_SSA_2011-284-01.nasl - Type : ACT_GATHER_INFO
2011-09-16Name : The remote web server is affected by a denial of service vulnerability.
File : apache_2_2_21.nasl - Type : ACT_GATHER_INFO
2011-09-16Name : The remote Fedora host is missing a security update.
File : fedora_2011-12715.nasl - Type : ACT_GATHER_INFO
2011-09-06Name : The remote Mandriva Linux host is missing one or more security updates.
File : mandriva_MDVSA-2011-130.nasl - Type : ACT_GATHER_INFO

Sources (Detail)

SourceUrl
APPLE http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.html
BID http://www.securityfocus.com/bid/49616
CONFIRM http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21
http://support.apple.com/kb/HT5130
http://www.apache.org/dist/httpd/Announcement2.2.html
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.html
HP http://marc.info/?l=bugtraq&m=131731002122529&w=2
http://marc.info/?l=bugtraq&m=132033751509019&w=2
MANDRIVA http://www.mandriva.com/security/advisories?name=MDVSA-2011:168
MISC http://community.jboss.org/message/625307
MLIST https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5...
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360...
REDHAT http://rhn.redhat.com/errata/RHSA-2012-0542.html
http://rhn.redhat.com/errata/RHSA-2012-0543.html
http://www.redhat.com/support/errata/RHSA-2011-1391.html
SECTRACK http://www.securitytracker.com/id?1026054
XF https://exchange.xforce.ibmcloud.com/vulnerabilities/69804

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
DateInformations
2019-08-21 12:01:28
  • Multiple Updates
2019-03-19 12:04:34
  • Multiple Updates
2018-09-25 12:08:26
  • Multiple Updates
2018-04-14 01:01:17
  • Multiple Updates
2017-12-29 09:21:56
  • Multiple Updates
2017-09-19 09:24:55
  • Multiple Updates
2017-08-29 09:23:31
  • Multiple Updates
2016-09-30 01:03:18
  • Multiple Updates
2016-06-28 18:49:06
  • Multiple Updates
2016-04-26 21:03:19
  • Multiple Updates
2014-11-08 13:29:50
  • Multiple Updates
2014-10-12 13:26:46
  • Multiple Updates
2014-06-14 13:31:33
  • Multiple Updates
2014-02-17 11:05:02
  • Multiple Updates
2013-11-15 13:20:05
  • Multiple Updates
2013-11-04 21:21:50
  • Multiple Updates
2013-07-17 21:18:45
  • Multiple Updates
2013-05-10 23:07:13
  • Multiple Updates