Apache Mod_proxy_ajp Information Disclosure Vulnerability Network Vulnerability

Summary

This host is running Apache Web Server and is prone to Information Disclosure Vulnerability.

Impact

Successful exploitation will let the attacker craft a special HTTP POST request and gain sensitive information about the web server. Impact level: Application

Solution

Upgrade to Apache HTTP Version 2.2.15 or later For further updates refer, http://httpd.apache.org/download.cgi

Insight

This flaw is due to an error in 'mod_proxy_ajp' when handling improperly malformed POST requests.

Affected

Apache HTTP Version 2.2.11 Workaround: Update mod_proxy_ajp.c through SVN Repository (Revision 767089) http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff

References

http://secunia.com/advisories/34827
http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089
http://xforce.iss.net/xforce/xfdb/50059

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1191

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

AbanteCart Multiple Cross-Site Scripting Vulnerabilities
Apache Struts Directory Traversal Vulnerability
1024 CMS 1.1.0 Beta 'force_download.php' Local File Include Vulnerability
Apache Tomcat Login Constraints Security Bypass Vulnerability
Adobe Presenter viewer.swf and loadflash.js XSS Vulnerability

Apache mod_proxy_ajp Information Disclosure Vulnerability

Take action and discover your vulnerabilities