CVE-2011-3348 — MEDIUM (4.3)

Q: How severe is CVE-2011-3348?

CVE-2011-3348 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2011-3348?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Redhat Jboss Enterprise Web Server, Redhat Enterprise Linux.

Vulnerability Description

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.

CVSS Score

4.3

MEDIUM

AV:N/AC:M/Au:N/C:N/I:N/A:P

Confidentiality

NONE

Integrity

NONE

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Apache	Http Server	>= 2.2.12, <= 2.2.20
Redhat	Jboss Enterprise Web Server	1.0.0
Redhat	Enterprise Linux	6.0

Related Weaknesses (CWE)

CWE-400

References

http://community.jboss.org/message/625307ExploitThird Party Advisory
http://httpd.apache.org/security/vulnerabilities_22.html#2.2.21Vendor Advisory
http://lists.apple.com/archives/security-announce/2012/Feb/msg00000.htmlBroken LinkMailing List
http://marc.info/?l=bugtraq&m=131731002122529&w=2Issue TrackingMailing ListThird Party Advisory
http://marc.info/?l=bugtraq&m=132033751509019&w=2Issue TrackingMailing ListThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0542.htmlThird Party Advisory
http://rhn.redhat.com/errata/RHSA-2012-0543.htmlThird Party Advisory
http://secunia.com/advisories/46013Not ApplicableVendor Advisory
http://support.apple.com/kb/HT5130Third Party Advisory
http://www.apache.org/dist/httpd/Announcement2.2.htmlBroken Link
http://www.mandriva.com/security/advisories?name=MDVSA-2011:168Broken Link
http://www.oracle.com/technetwork/topics/security/cpujuly2013-1899826.htmlThird Party Advisory
http://www.redhat.com/support/errata/RHSA-2011-1391.htmlThird Party Advisory
http://www.securityfocus.com/bid/49616Third Party AdvisoryVDB Entry
http://www.securitytracker.com/id?1026054Broken LinkThird Party AdvisoryVDB Entry

FAQ

What is CVE-2011-3348?

CVE-2011-3348 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error st...

How severe is CVE-2011-3348?

CVE-2011-3348 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2011-3348?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Http Server, Redhat Jboss Enterprise Web Server, Redhat Enterprise Linux.