Description

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.

Remediation

References

CVE-2011-3348

Related Vulnerabilities

WordPress Plugin Filtre de Surveillance Gouvernemental Cross-Site Scripting (1.1)

Ruby on Rails Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2014-0081)

Oracle JRE CVE-2013-0435 Vulnerability (CVE-2013-0435)

Apache HTTP Server DEPRECATED: Code Vulnerability (CVE-2015-3183)

YOURLS Access of Resource Using Incompatible Type ('Type Confusion') Vulnerability (CVE-2019-14537)

Severity

Medium

Classification

CVE-2011-3348 CWE-400

Tags

Missing Update Known Vulnerabilities