CVE-2011-3639
Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass
Severity Score
5.9
*CVSS v3
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
El módulo mod_proxy en el servidor HTTP Apache v2.0.x hasta v2.0.64 y v2.2.x hasta v2.2.18, cuando la revisión 1179239 se realiza, no interactúa con el uso de patrones de coincidencia (1) RewriteRule y (2) ProxyPassMatch para configuración de un proxy inverso, lo que permite a atacantes remotos enviar peticiones a servidores de la intranet a través de URI mal formadas que contienen el caracter '@': caracter en una posición inválida. NOTA: esta vulnerabilidad existe debido a una solución incompleta para CVE-2011-3368.
The Apache HTTP Server is a popular web server. It was discovered that the fix for CVE-2011-3368 did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI. The httpd server included the full HTTP header line in the default error page generated when receiving an excessively long or malformed header. Malicious JavaScript running in the server's domain context could use this flaw to gain access to httpOnly cookies.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2011-09-21 CVE Reserved
- 2011-11-30 CVE Published
- 2012-02-06 First Exploit
- 2024-08-06 CVE Updated
- 2025-07-04 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-20: Improper Input Validation
CAPEC
References (6)
| URL | Tag | Source |
|---|---|---|
| http://svn.apache.org/viewvc?view=revision&revision=1188745 | X_refsource_confirm |
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/36663 | 2012-02-06 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://rhn.redhat.com/errata/RHSA-2012-0128.html | 2023-11-07 | |
| http://www.debian.org/security/2012/dsa-2405 | 2023-11-07 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=752080 | 2012-02-21 | |
| https://access.redhat.com/security/cve/CVE-2011-3639 | 2012-02-21 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.11 Search vendor "Apache" for product "Http Server" and version "2.0.11" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.12 Search vendor "Apache" for product "Http Server" and version "2.0.12" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.13 Search vendor "Apache" for product "Http Server" and version "2.0.13" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.14 Search vendor "Apache" for product "Http Server" and version "2.0.14" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.15 Search vendor "Apache" for product "Http Server" and version "2.0.15" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.16 Search vendor "Apache" for product "Http Server" and version "2.0.16" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.17 Search vendor "Apache" for product "Http Server" and version "2.0.17" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.18 Search vendor "Apache" for product "Http Server" and version "2.0.18" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.19 Search vendor "Apache" for product "Http Server" and version "2.0.19" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.20 Search vendor "Apache" for product "Http Server" and version "2.0.20" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.21 Search vendor "Apache" for product "Http Server" and version "2.0.21" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.22 Search vendor "Apache" for product "Http Server" and version "2.0.22" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.23 Search vendor "Apache" for product "Http Server" and version "2.0.23" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.24 Search vendor "Apache" for product "Http Server" and version "2.0.24" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.25 Search vendor "Apache" for product "Http Server" and version "2.0.25" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.26 Search vendor "Apache" for product "Http Server" and version "2.0.26" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.27 Search vendor "Apache" for product "Http Server" and version "2.0.27" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.28 Search vendor "Apache" for product "Http Server" and version "2.0.28" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.29 Search vendor "Apache" for product "Http Server" and version "2.0.29" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.30 Search vendor "Apache" for product "Http Server" and version "2.0.30" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.31 Search vendor "Apache" for product "Http Server" and version "2.0.31" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.32 Search vendor "Apache" for product "Http Server" and version "2.0.32" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.33 Search vendor "Apache" for product "Http Server" and version "2.0.33" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.34 Search vendor "Apache" for product "Http Server" and version "2.0.34" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.35 Search vendor "Apache" for product "Http Server" and version "2.0.35" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.36 Search vendor "Apache" for product "Http Server" and version "2.0.36" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.37 Search vendor "Apache" for product "Http Server" and version "2.0.37" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.38 Search vendor "Apache" for product "Http Server" and version "2.0.38" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.39 Search vendor "Apache" for product "Http Server" and version "2.0.39" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.40 Search vendor "Apache" for product "Http Server" and version "2.0.40" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.41 Search vendor "Apache" for product "Http Server" and version "2.0.41" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.42 Search vendor "Apache" for product "Http Server" and version "2.0.42" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.43 Search vendor "Apache" for product "Http Server" and version "2.0.43" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.44 Search vendor "Apache" for product "Http Server" and version "2.0.44" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.45 Search vendor "Apache" for product "Http Server" and version "2.0.45" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.46 Search vendor "Apache" for product "Http Server" and version "2.0.46" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.47 Search vendor "Apache" for product "Http Server" and version "2.0.47" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.48 Search vendor "Apache" for product "Http Server" and version "2.0.48" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.49 Search vendor "Apache" for product "Http Server" and version "2.0.49" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.50 Search vendor "Apache" for product "Http Server" and version "2.0.50" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.51 Search vendor "Apache" for product "Http Server" and version "2.0.51" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.52 Search vendor "Apache" for product "Http Server" and version "2.0.52" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.53 Search vendor "Apache" for product "Http Server" and version "2.0.53" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.54 Search vendor "Apache" for product "Http Server" and version "2.0.54" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.55 Search vendor "Apache" for product "Http Server" and version "2.0.55" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.56 Search vendor "Apache" for product "Http Server" and version "2.0.56" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.57 Search vendor "Apache" for product "Http Server" and version "2.0.57" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.58 Search vendor "Apache" for product "Http Server" and version "2.0.58" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.59 Search vendor "Apache" for product "Http Server" and version "2.0.59" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.61 Search vendor "Apache" for product "Http Server" and version "2.0.61" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.0.63 Search vendor "Apache" for product "Http Server" and version "2.0.63" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.0 Search vendor "Apache" for product "Http Server" and version "2.2.0" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.1 Search vendor "Apache" for product "Http Server" and version "2.2.1" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.2 Search vendor "Apache" for product "Http Server" and version "2.2.2" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.3 Search vendor "Apache" for product "Http Server" and version "2.2.3" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.4 Search vendor "Apache" for product "Http Server" and version "2.2.4" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.6 Search vendor "Apache" for product "Http Server" and version "2.2.6" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.8 Search vendor "Apache" for product "Http Server" and version "2.2.8" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.9 Search vendor "Apache" for product "Http Server" and version "2.2.9" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.10 Search vendor "Apache" for product "Http Server" and version "2.2.10" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.11 Search vendor "Apache" for product "Http Server" and version "2.2.11" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.12 Search vendor "Apache" for product "Http Server" and version "2.2.12" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.13 Search vendor "Apache" for product "Http Server" and version "2.2.13" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.14 Search vendor "Apache" for product "Http Server" and version "2.2.14" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.15 Search vendor "Apache" for product "Http Server" and version "2.2.15" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.16 Search vendor "Apache" for product "Http Server" and version "2.2.16" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server Search vendor "Apache" for product "Http Server" | 2.2.17 Search vendor "Apache" for product "Http Server" and version "2.2.17" | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server2.0a1 Search vendor "Apache" for product "Http Server2.0a1" | * | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server2.0a2 Search vendor "Apache" for product "Http Server2.0a2" | * | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server2.0a3 Search vendor "Apache" for product "Http Server2.0a3" | * | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server2.0a4 Search vendor "Apache" for product "Http Server2.0a4" | * | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server2.0a5 Search vendor "Apache" for product "Http Server2.0a5" | * | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server2.0a6 Search vendor "Apache" for product "Http Server2.0a6" | * | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server2.0a7 Search vendor "Apache" for product "Http Server2.0a7" | * | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server2.0a8 Search vendor "Apache" for product "Http Server2.0a8" | * | - |
Affected
| ||||||
| Apache Search vendor "Apache" | Http Server2.0a9 Search vendor "Apache" for product "Http Server2.0a9" | * | - |
Affected
| ||||||