[CVE-2009-1191]apache 2.2.11 mod_proxy_ajp remote info leak

infwonder · **Posted:** Fri Apr 24, 2009 8:53 am

SecurityFocus wrote:

The 'mod_proxy_ajp' module for Apache is prone to a remote information-disclosure vulnerability.

Attackers can exploit this issue to obtain sensitive information that may lead to further attacks.

CVE-2009-1191 wrote:

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

More information can be found here:
http://www.securityfocus.com/bid/34663

We have apache version 2.2.11 in both CURRENT and SNAPSHOT. I've checked and found the module is included in the package. Patch against version 2.2.11 can be found here:
http://www.apache.org/dist/httpd/patche ... 46949.diff

Reference:
http://web.nvd.nist.gov/view/vuln/detai ... -2009-1191
http://secunia.com/advisories/34827

!8!

[CVE-2009-1191]apache 2.2.11 mod_proxy_ajp remote info leak

Who is online