CVE

Id
38626  
CVE No.
CVE-2009-1191  
Status
Candidate  
Description
mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.  
Phase
Assigned (20090331)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
422880 38626 CVE-2009-1191 CONFIRM:http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089  View
422881 38626 CVE-2009-1191 CONFIRM:http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff  View
422882 38626 CVE-2009-1191 CONFIRM:https://issues.apache.org/bugzilla/show_bug.cgi?id=46949  View
422883 38626 CVE-2009-1191 CONFIRM:http://support.apple.com/kb/HT3937  View
422884 38626 CVE-2009-1191 CONFIRM:http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html  View
422885 38626 CVE-2009-1191 APPLE:APPLE-SA-2009-11-09-1  View
422886 38626 CVE-2009-1191 URL:http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html  View
422887 38626 CVE-2009-1191 GENTOO:GLSA-200907-04  View
422888 38626 CVE-2009-1191 URL:http://security.gentoo.org/glsa/glsa-200907-04.xml  View
422889 38626 CVE-2009-1191 MANDRIVA:MDVSA-2009:102  View
422890 38626 CVE-2009-1191 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2009:102  View
422891 38626 CVE-2009-1191 MANDRIVA:MDVSA-2013:150  View
422892 38626 CVE-2009-1191 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2013:150  View
422893 38626 CVE-2009-1191 UBUNTU:USN-787-1  View
422894 38626 CVE-2009-1191 URL:http://www.ubuntu.com/usn/usn-787-1  View
422895 38626 CVE-2009-1191 BID:34663  View
422896 38626 CVE-2009-1191 URL:http://www.securityfocus.com/bid/34663  View
422897 38626 CVE-2009-1191 OSVDB:53921  View
422898 38626 CVE-2009-1191 URL:http://osvdb.org/53921  View
422899 38626 CVE-2009-1191 OVAL:oval:org.mitre.oval:def:8261  View
422900 38626 CVE-2009-1191 URL:http://oval.mitre.org/repository/data/getDef?id=oval:org.mitre.oval:def:8261  View
422901 38626 CVE-2009-1191 SECTRACK:1022264  View
422902 38626 CVE-2009-1191 URL:http://www.securitytracker.com/id?1022264  View
422903 38626 CVE-2009-1191 SECUNIA:34827  View
422904 38626 CVE-2009-1191 URL:http://secunia.com/advisories/34827  View
422905 38626 CVE-2009-1191 SECUNIA:35395  View
422906 38626 CVE-2009-1191 URL:http://secunia.com/advisories/35395  View
422907 38626 CVE-2009-1191 SECUNIA:35721  View
422908 38626 CVE-2009-1191 URL:http://secunia.com/advisories/35721  View
422909 38626 CVE-2009-1191 VUPEN:ADV-2009-1147  View
422910 38626 CVE-2009-1191 URL:http://www.vupen.com/english/advisories/2009/1147  View
422911 38626 CVE-2009-1191 VUPEN:ADV-2009-3184  View
422912 38626 CVE-2009-1191 URL:http://www.vupen.com/english/advisories/2009/3184  View
422913 38626 CVE-2009-1191 XF:apache-modproxyajp-information-disclosure(50059)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
40556 JVNDB-2009-001562 Apache HTTP Server における AllowOverride ディレクティブの処理に関する権限昇格の脆弱性 Apache HTTP Server には、AllowOverride ディレクティブの Options=IncludesNOEXEC を正しく処理しないため、.htaccess ファイル内の Options Includes、Options +Includes、および Options +IncludesNOEXEC の設定により権限を取得される脆弱性が存在します。 CVE-2009-1195 38626 4.9 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-001562.html  View