Lucene search
RootSSV:20934HistorySep 18, 2011 - 12:00 a.m.
Apache HTTP Server mod_proxy_ajp拒绝服务漏洞
2011-09-1800:00:00
Root
www.seebug.org
253
0.248 Low
EPSS
Percentile
96.7%
CVE(CAN) ID: CVE-2011-3348
Apache HTTP Server是Apache软件基金会的一个开放源代码的网页服务器,可以在大多数电脑操作系统中运行,由于其跨平台和安全性被广泛使用,是最流行的Web服务器端软件之一。
Apache HTTP Server的mod_proxy_balancer在实现上存在安全漏洞,恶意用户可利用此漏洞造成拒绝服务。
此漏洞源于结合mod_proxy_balancer使用时,mod_proxy_ajp中的畸形HTTP请求处理时的错误。通过发送特制的HTTP请求,可造成后端服务器故障,直到重试超时结束后才会结束临时DoS。
Apache Group Apache HTTP Server 2.2.x
厂商补丁:
Apache Group
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
Related
altlinux
altlinux
Security fix for the ALT Linux 8 package apache2 version 2.2.21-alt1
2011-09-20 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.21-alt1
2011-09-20 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.21-alt1
2011-09-20 00:00:00
nessus
nessus
Slackware 12.0 / 12.1 / 12.2 / 13.0 / 13.1 / 13.37 / current : httpd (SSA:2011-284-01)
2011-10-17 00:00:00
Apache 2.2.x < 2.2.21 mod_proxy_ajp DoS
2011-09-16 00:00:00
Fedora 15 : httpd-2.2.21-1.fc15 (2011-12715)
2011-09-16 00:00:00
debiancve
debiancve
CVE-2011-3348
2011-09-20 05:55:02
checkpoint_advisories
checkpoint_advisories
Apache HTTPD mod_proxy_ajp Denial Of Service (CVE-2011-3348)
2014-11-12 00:00:00
httpd
httpd
Apache Httpd < 2.2.21 : mod_proxy_ajp remote DoS
2011-09-07 00:00:00
cvelist
cvelist
CVE-2011-3348
2011-09-19 15:00:00
ubuntucve
ubuntucve
CVE-2011-3348
2011-09-20 00:00:00
debian
debian
[BSA-058] Security Update for apache2
2011-11-14 04:20:22
cve
cve
CVE-2011-3348
2011-09-20 05:55:02
prion
prion
Design/Logic Flaw
2011-09-20 05:55:00
openvas
openvas
Apache HTTP Server DoS Vulnerability (Sep 2011) - Linux
2021-11-01 00:00:00
Fedora Update for httpd FEDORA-2011-12715
2011-09-16 00:00:00
Slackware: Security Advisory (SSA:2011-284-01)
2012-09-10 00:00:00
veracode
veracode
Denial Of Service (DoS)
2020-04-10 01:03:06
nvd
nvd
CVE-2011-3348
2011-09-20 05:55:02
securityvulns
securityvulns
Multiple HTTP servers DoS
2011-10-20 00:00:00
APPLE-SA-2012-02-01-1 OS X Lion v10.7.3 and Security Update 2012-001
2012-02-03 00:00:00
slackware
slackware
[slackware-security] httpd
2011-10-14 23:59:50
threatpost
threatpost
Apache Releases Version 2.2.21 With New Fix For Range Header Flaw
2011-09-14 15:29:14
amazon
amazon
Medium: httpd
2011-10-31 18:19:00
fedora
fedora
[SECURITY] Fedora 15 Update: httpd-2.2.21-1.fc15
2011-09-16 01:58:28
redhat
redhat
(RHSA-2011:1391) Moderate: httpd security and bug fix update
2011-10-20 00:00:00
(RHSA-2012:0542) Moderate: httpd security and bug fix update
2012-05-07 00:00:00
(RHSA-2012:0543) Moderate: httpd security and bug fix update
2012-05-07 18:13:40
suse
suse
Security update for Apache2 (important)
2011-11-04 09:08:25
apache2: Fixed several security issues (important)
2011-11-04 09:08:34
ubuntu
ubuntu
Apache vulnerabilities
2011-11-11 00:00:00
oraclelinux
oraclelinux
httpd security and bug fix update
2011-10-20 00:00:00
f5
f5
ibm
ibm
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Out-of-date Version (Apache)
2016-11-24 15:09:27
oracle
oracle
Oracle Critical Patch Update - July 2013
2013-07-16 00:00:00