Apache Mod_proxy_ajp Information Disclosure Vulnerability Network Vulnerability

Summary

This host is running Apache Web Server and is prone to Information Disclosure Vulnerability.

Impact

Successful exploitation will let the attacker craft a special HTTP POST request and gain sensitive information about the web server. Impact level: Application

Solution

Upgrade to Apache HTTP Version 2.2.15 or later For further updates refer, http://httpd.apache.org/download.cgi

Insight

This flaw is due to an error in 'mod_proxy_ajp' when handling improperly malformed POST requests.

Affected

Apache HTTP Version 2.2.11 Workaround: Update mod_proxy_ajp.c through SVN Repository (Revision 767089) http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff

References

http://secunia.com/advisories/34827
http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089
http://xforce.iss.net/xforce/xfdb/50059

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1191
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Apache ActiveMQ Multiple Vulnerabilities
Apache Archiva Multiple Vulnerabilities
Apache Continuum Cross Site Scripting Vulnerability
Afian 'includer.php' Directory Traversal Vulnerability
An Image Gallery Directory Traversal Vulnerability

Apache mod_proxy_ajp Information Disclosure Vulnerability

Take action and discover your vulnerabilities