Launchpad CVE tracker

CVE 2011-3348

The mod_proxy_ajp module in the Apache HTTP Server before 2.2.21, when used with mod_proxy_balancer in certain configurations, allows remote attackers to cause a denial of service (temporary "error state" in the backend server) via a malformed HTTP request.

Related bugs and status

CVE-2011-3348 (Candidate) is related to these bugs:

Bug #871674: Server mod_proxy_ajp Denial of Service Vulnerability

Summary				In	Importance	Status
	871674	Server mod_proxy_ajp Denial of Service Vulnerability		apache2 (Ubuntu)	Undecided	Fix Released

Bug #872000: /etc/apache2/mods-available/suexec.load has group read

Summary				In	Importance	Status
	872000	/etc/apache2/mods-available/suexec.load has group read		apache2 (Ubuntu)	Medium	Fix Released

Bug #877740: CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure

		In	Importance	Status
877740	CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure	apache2 (Ubuntu)	Undecided	Fix Released
877740	CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure	apache2 (Ubuntu Hardy)	Undecided	Fix Released
877740	CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure	apache2 (Ubuntu Lucid)	Undecided	Fix Released
877740	CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure	apache2 (Ubuntu Natty)	Undecided	Fix Released
877740	CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure	apache2 (Ubuntu Maverick)	Undecided	Fix Released
877740	CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure	apache2 (Ubuntu Oneiric)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2011-3348

References