FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2009-1191

This CVE name corresponds to:

Entered Topic
2009-08-25 apache22 -- several vulnerabilities

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type Candidate
Name CVE-2009-1191
Phase Assigned (20090331)

Description

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

References

Source Reference
CONFIRM http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089
CONFIRM http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff
CONFIRM https://issues.apache.org/bugzilla/show_bug.cgi?id=46949
CONFIRM http://support.apple.com/kb/HT3937
CONFIRM http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
APPLE APPLE-SA-2009-11-09-1
GENTOO GLSA-200907-04
MANDRIVA MDVSA-2009:102
MANDRIVA MDVSA-2013:150
UBUNTU USN-787-1
BID 34663
OSVDB 53921
OVAL oval:org.mitre.oval:def:8261
SECTRACK 1022264
SECUNIA 34827
SECUNIA 35395
SECUNIA 35721
VUPEN ADV-2009-1147
VUPEN ADV-2009-3184
XF apache-modproxyajp-information-disclosure(50059)