CVE-2011-3639 : The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x be

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

Published 2011-11-30 04:05:58

Updated 2025-04-11 00:51:22

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2011-3639

Apache » Http Server » Version: 2.0.28
cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.32
cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.35
cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.36
cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.39
cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.37
cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.38
cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.42
cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.40
cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.41
cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.43
cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.44
cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.45
cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.46
cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.47
cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.48
cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.49
cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.50
cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.51
cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.52
cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.53
cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.54
cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.55
cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.56
cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.57
cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.1
cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.58
cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.0
cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.3
cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.4
cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.59
cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.61
cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.2
cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.6
cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.8
cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.9
cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.12
cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.13
cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.63
cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.10
cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.11
cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.14
cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.15
cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.16
cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.31
cpe:2.3:a:apache:http_server:2.0.31:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.24
cpe:2.3:a:apache:http_server:2.0.24:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.23
cpe:2.3:a:apache:http_server:2.0.23:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.22
cpe:2.3:a:apache:http_server:2.0.22:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.15
cpe:2.3:a:apache:http_server:2.0.15:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.14
cpe:2.3:a:apache:http_server:2.0.14:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.34
cpe:2.3:a:apache:http_server:2.0.34:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.33
cpe:2.3:a:apache:http_server:2.0.33:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.26
cpe:2.3:a:apache:http_server:2.0.26:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.25
cpe:2.3:a:apache:http_server:2.0.25:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.17
cpe:2.3:a:apache:http_server:2.0.17:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.16
cpe:2.3:a:apache:http_server:2.0.16:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.2.17
cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.30
cpe:2.3:a:apache:http_server:2.0.30:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.29
cpe:2.3:a:apache:http_server:2.0.29:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.21
cpe:2.3:a:apache:http_server:2.0.21:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.20
cpe:2.3:a:apache:http_server:2.0.20:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.13
cpe:2.3:a:apache:http_server:2.0.13:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.12
cpe:2.3:a:apache:http_server:2.0.12:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.27
cpe:2.3:a:apache:http_server:2.0.27:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.19
cpe:2.3:a:apache:http_server:2.0.19:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.18
cpe:2.3:a:apache:http_server:2.0.18:*:*:*:*:*:*:*
Matching versions
Apache » Http Server » Version: 2.0.11
cpe:2.3:a:apache:http_server:2.0.11:*:*:*:*:*:*:*
Matching versions
Apache » Http Server2.0a9
cpe:2.3:a:apache:http_server2.0a9:*:*:*:*:*:*:*:*
Matching versions
Apache » Http Server2.0a8
cpe:2.3:a:apache:http_server2.0a8:*:*:*:*:*:*:*:*
Matching versions
Apache » Http Server2.0a7
cpe:2.3:a:apache:http_server2.0a7:*:*:*:*:*:*:*:*
Matching versions
Apache » Http Server2.0a6
cpe:2.3:a:apache:http_server2.0a6:*:*:*:*:*:*:*:*
Matching versions
Apache » Http Server2.0a5
cpe:2.3:a:apache:http_server2.0a5:*:*:*:*:*:*:*:*
Matching versions
Apache » Http Server2.0a4
cpe:2.3:a:apache:http_server2.0a4:*:*:*:*:*:*:*:*
Matching versions
Apache » Http Server2.0a3
cpe:2.3:a:apache:http_server2.0a3:*:*:*:*:*:*:*:*
Matching versions
Apache » Http Server2.0a2
cpe:2.3:a:apache:http_server2.0a2:*:*:*:*:*:*:*:*
Matching versions
Apache » Http Server2.0a1
cpe:2.3:a:apache:http_server2.0a1:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2011-3639

Top countries where our scanners detected CVE-2011-3639

Top open port discovered on systems with this issue 80

IPs affected by CVE-2011-3639 781,257

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2011-3639!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2011-3639

EPSS FAQ

15.95%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 94 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-3639

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
4.3	MEDIUM	AV:N/AC:M/Au:N/C:N/I:P/A:N	8.6	2.9	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: None Integrity Impact: Partial Availability Impact: None

CWE ids for CVE-2011-3639

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-3639

http://svn.apache.org/viewvc?view=revision&revision=1188745

[Apache-SVN] Revision 1188745
http://www.debian.org/security/2012/dsa-2405

Debian -- Security Information -- DSA-2405-1 apache2

CVEs referencing this url
https://bugzilla.redhat.com/show_bug.cgi?id=752080

752080 – (CVE-2011-3639) CVE-2011-3639 httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix
http://rhn.redhat.com/errata/RHSA-2012-0128.html

RHSA-2012:0128 - Security Advisory - Red Hat Customer Portal

CVEs referencing this url