製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apache HTTP Server の mod_proxy モジュールにおけるイントラネットサーバにリクエストを送信される脆弱性

Title	Apache HTTP Server の mod_proxy モジュールにおけるイントラネットサーバにリクエストを送信される脆弱性
Summary	Apache HTTP Server の mod_proxy モジュールは、RewriteRule および ProxyPassMatch パターンマッチを適切に処理しないため、イントラネットサーバにリクエストを送信される脆弱性が存在します。
Possible impacts	第三者により、@ (アットマーク) で始まる不正な形式の URI を介して、イントラネットサーバにリクエストを送信される可能性があります。
Solution	ベンダより正式な対策が公開されています。ベンダ情報を参照して適切な対策を実施してください。
Publication Date	Oct. 5, 2011, midnight
Registration Date	Oct. 12, 2011, 4:11 p.m.
Last Update	Jan. 22, 2015, 3:05 p.m.

CVSS2.0 : 警告
Score	5
Vector	AV:N/AC:L/Au:N/C:P/I:N/A:N

Affected System

ヒューレット・パッカード

HP Secure Web Server for OpenVMS V2.2 およびそれ以前のバージョン

Apache Software Foundation

Apache HTTP Server 1.3.x から 1.3.42

Apache HTTP Server 2.0.x から 2.0.64

Apache HTTP Server 2.2.x から 2.2.21

オラクル

Oracle Application Server 10.1.3.5

Oracle HTTP Server 11.1.1.5

Oracle HTTP Server 11.1.2.0

SPARC Enterprise M3000 サーバ

SPARC Enterprise M4000 サーバ

SPARC Enterprise M5000 サーバ

SPARC Enterprise M8000 サーバ

SPARC Enterprise M9000 サーバ

XCP 1118 未満

アップル

Apple Mac OS X v10.6.8

Apple Mac OS X v10.7 から v10.7.4

Apple Mac OS X Server v10.6.8

Apple Mac OS X Server v10.7 から v10.7.4

富士通

Interstage Application Framework Suite

Interstage Application Server

Interstage Apworks

Interstage Business Application Server

Interstage Job Workload Server

Interstage Studio

Interstage Web Server

Systemwalker Resource Coordinator

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-3368	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
National Vulnerability Database (NVD)
2	CVE-2011-3368	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3368
SECURITY BLOG
3	CVE-2011-3368 Improper Input Validation vulnerability in Apache HTTP Server 1.3	https://blogs.oracle.com/sunsecurity/entry/cve_2011_3368_improper_input
4	CVE-2011-3368 Improper Input Validation vulnerability in Apache HTTP Server 2.0	https://blogs.oracle.com/sunsecurity/entry/cve_2011_3368_improper_input1

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Apache Software Foundation
1	Apache httpd 1.3 vulnerabilities	http://httpd.apache.org/security/vulnerabilities_13.html
2	Apache httpd 2.0 vulnerabilities	http://httpd.apache.org/security/vulnerabilities_20.html
3	Apache httpd 2.2 vulnerabilities	http://httpd.apache.org/security/vulnerabilities_22.html
Apache-SVN
4	1179239	http://svn.apache.org/viewvc?view=revision&revision=1179239
Apple Mailing Lists
5	APPLE-SA-2012-09-19-2	http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Apple Security Updates
6	HT5501	http://support.apple.com/kb/HT5501
Apple セキュリティアップデート
7	HT5501	http://support.apple.com/kb/HT5501?viewlocale=ja_JP
HP Support document
8	HPSBOV02822 SSRT100966	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03517954
IBM APAR
9	SE49723	http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
10	SE49724	http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
mandriva
11	MDVSA-2011:144	http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
12	MDVSA-2013:150	http://www.mandriva.com/en/support/security/advisories/advisory/MDVSA-2013:150/?name=MDVSA-2013:150
opensuse-security-announce
13	openSUSE-SU-2011:1229	http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
opensuse-updates
14	openSUSE-SU-2013:0243	http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
15	openSUSE-SU-2013:0248	http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
Oracle Critical Patch Update
16	Oracle Critical Patch Update Advisory - January 2015	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
17	Oracle Critical Patch Update Advisory - July 2012	http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
18	Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html
19	Text Form of Oracle Critical Patch Update - July 2012 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html
Red Hat Bugzilla
20	Bug 740045	https://bugzilla.redhat.com/show_bug.cgi?id=740045
Red Hat Security Advisory
21	RHSA-2011:1391	http://www.redhat.com/support/errata/RHSA-2011-1391.html
22	RHSA-2011:1392	http://rhn.redhat.com/errata/RHSA-2011-1392.html
SECURITY BLOG
23	January 2015 Critical Patch Update Released	https://blogs.oracle.com/security/entry/january_2015_critical_patch_update
24	July 2012 Critical Patch Update Released	http://blogs.oracle.com/security/entry/july_2012_critical_patch_update
Security Bulletin
25	JSA10585	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10585
富士通セキュリティ情報
26	Interstage HTTP Server: 2件のセキュリティ脆弱性	http://software.fujitsu.com/jp/security/products-fujitsu/solution/interstage_as_201104.html

その他

No	Name	URL
JVN
1	JVNVU#381963	http://jvn.jp/cert/JVNVU381963/index.html

Change Log

No	Changed Details	Date of change
0	[2011年10月12日] 掲載 [2011年11月28日] 影響を受けるシステム：富士通 (interstage_as_201104) の情報を追加ベンダ情報：富士通 (interstage_as_201104) を追加 [2012年04月20日] ベンダ情報：オラクル (CVE-2011-3368 Improper Input Validation vulnerability in Apache HTTP Server 2.0) を追加ベンダ情報：オラクル (CVE-2011-3368 Improper Input Validation vulnerability in Apache HTTP Server 1.3) を追加 [2012年07月20日] 影響を受けるシステム：オラクル (Oracle Critical Patch Update Advisory - July 2012) の情報を追加ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - July 2012) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - July 2012 Risk Matrices) を追加ベンダ情報：オラクル (July 2012 Critical Patch Update Released) を追加 [2012年10月05日] ベンダ情報：アップル (HT5501) を追加 [2012年11月28日] ベンダ情報：ヒューレット・パッカード (HPSBOV02822 SSRT100966) を追加影響を受けるシステム：ヒューレット・パッカード (HPSBOV02822 SSRT100966) を追加 [2013年12月03日] 影響を受けるシステム：アップル (HT5501) の情報を追加ベンダ情報：IBM (SE49723) を追加ベンダ情報：IBM (SE49724) を追加ベンダ情報：アップル (APPLE-SA-2012-09-19-2) を追加ベンダ情報：レッドハット (Bug 740045) を追加ベンダ情報：レッドハット (RHSA-2011:1391) を追加ベンダ情報：レッドハット (RHSA-2011:1392) を追加ベンダ情報：Mandriva, Inc (MDVSA-2011:144) を追加ベンダ情報：Mandriva, Inc (MDVSA-2013:150) を追加ベンダ情報：Novell (openSUSE-SU-2011:1229) を追加ベンダ情報：Novell (openSUSE-SU-2013:0243) を追加ベンダ情報：Novell (openSUSE-SU-2013:0248) を追加ベンダ情報：ジュニパーネットワークス (JSA10585) を追加 [2015年01月22日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - January 2015) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices) を追加ベンダ情報：オラクル (January 2015 Critical Patch Update Released) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-3368

Summary	The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
Publication Date	Oct. 6, 2011, 7:55 a.m.
Registration Date	Jan. 28, 2021, 4:39 p.m.
Last Update	Nov. 21, 2024, 10:30 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:1.3.38:::::::*
cpe:2.3:a:apache:http_server:1.3.23:::::::*
cpe:2.3:a:apache:http_server:1.3.27:::::::*
cpe:2.3:a:apache:http_server:1.3.10:::::::*
cpe:2.3:a:apache:http_server:1.3.33:::::::*
cpe:2.3:a:apache:http_server:1.3.8:::::::*
cpe:2.3:a:apache:http_server:1.3.36:::::::*
cpe:2.3:a:apache:http_server:1.3.16:::::::*
cpe:2.3:a:apache:http_server:1.3.1:::::::*
cpe:2.3:a:apache:http_server:1.3.25:::::::*
cpe:2.3:a:apache:http_server:1.3.28:::::::*
cpe:2.3:a:apache:http_server:1.3.19:::::::*
cpe:2.3:a:apache:http_server:1.3.31:::::::*
cpe:2.3:a:apache:http_server:1.3.68:::::::*
cpe:2.3:a:apache:http_server:1.3.24:::::::*
cpe:2.3:a:apache:http_server:1.3.5:::::::*
cpe:2.3:a:apache:http_server:1.3.20:::::::*
cpe:2.3:a:apache:http_server:1.3.35:::::::*
cpe:2.3:a:apache:http_server:1.3.6:::::::*
cpe:2.3:a:apache:http_server:1.3.2:::::::*
cpe:2.3:a:apache:http_server:1.3.34:::::::*
cpe:2.3:a:apache:http_server:1.3.4:::::::*
cpe:2.3:a:apache:http_server:1.3.13:::::::*
cpe:2.3:a:apache:http_server:1.3.39:::::::*
cpe:2.3:a:apache:http_server:1.3.30:::::::*
cpe:2.3:a:apache:http_server:1.3.18:::::::*
cpe:2.3:a:apache:http_server:1.3.65:::::::*
cpe:2.3:a:apache:http_server:1.3.0:::::::*
cpe:2.3:a:apache:http_server:1.3:::::::*
cpe:2.3:a:apache:http_server:1.3.12:::::::*
cpe:2.3:a:apache:http_server:1.3.3:::::::*
cpe:2.3:a:apache:http_server:1.3.17:::::::*
cpe:2.3:a:apache:http_server:1.3.1.1:::::::*
cpe:2.3:a:apache:http_server:1.3.26:::::::*
cpe:2.3:a:apache:http_server:1.3.9:::::::*
cpe:2.3:a:apache:http_server:1.3.32:::::::*
cpe:2.3:a:apache:http_server:1.3.15:::::::*
cpe:2.3:a:apache:http_server:1.3.14:::::::*
cpe:2.3:a:apache:http_server:1.3.42:::::::*
cpe:2.3:a:apache:http_server:1.3.29:::::::*
cpe:2.3:a:apache:http_server:1.3.22:::::::*
cpe:2.3:a:apache:http_server:1.3.37:::::::*
cpe:2.3:a:apache:http_server:1.3.11:::::::*
cpe:2.3:a:apache:http_server:1.3.7:::::::*
cpe:2.3:a:apache:http_server:1.3.41:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:2.0.42:::::::*
cpe:2.3:a:apache:http_server:2.0.64:::::::*
cpe:2.3:a:apache:http_server:2.0.58:::::::*
cpe:2.3:a:apache:http_server:2.0.47:::::::*
cpe:2.3:a:apache:http_server:2.0.56:::::::*
cpe:2.3:a:apache:http_server:2.0.50:::::::*
cpe:2.3:a:apache:http_server:2.0.35:::::::*
cpe:2.3:a:apache:http_server:2.0.37:::::::*
cpe:2.3:a:apache:http_server:2.0.55:::::::*
cpe:2.3:a:apache:http_server:2.0.44:::::::*
cpe:2.3:a:apache:http_server:2.0.39:::::::*
cpe:2.3:a:apache:http_server:2.0.52:::::::*
cpe:2.3:a:apache:http_server:2.0.53:::::::*
cpe:2.3:a:apache:http_server:2.0.57:::::::*
cpe:2.3:a:apache:http_server:2.0.51:::::::*
cpe:2.3:a:apache:http_server:2.0.28:beta::::::
cpe:2.3:a:apache:http_server:2.0.63:::::::*
cpe:2.3:a:apache:http_server:2.0.41:::::::*
cpe:2.3:a:apache:http_server:2.0.49:::::::*
cpe:2.3:a:apache:http_server:2.0.9:::::::*
cpe:2.3:a:apache:http_server:2.0.34:beta::::::
cpe:2.3:a:apache:http_server:2.0.61:::::::*
cpe:2.3:a:apache:http_server:2.0.32:::::::*
cpe:2.3:a:apache:http_server:2.0.38:::::::*
cpe:2.3:a:apache:http_server:2.0.48:::::::*
cpe:2.3:a:apache:http_server:2.0.45:::::::*
cpe:2.3:a:apache:http_server:2.0.40:::::::*
cpe:2.3:a:apache:http_server:2.0.36:::::::*
cpe:2.3:a:apache:http_server:2.0.46:::::::*
cpe:2.3:a:apache:http_server:2.0.54:::::::*
cpe:2.3:a:apache:http_server:2.0.43:::::::*
cpe:2.3:a:apache:http_server:2.0.59:::::::*
cpe:2.3:a:apache:http_server:2.0.28:::::::*
cpe:2.3:a:apache:http_server:2.0:::::::*
cpe:2.3:a:apache:http_server:2.0.32:beta::::::
cpe:2.3:a:apache:http_server:2.0.60:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:2.2.11:::::::*
cpe:2.3:a:apache:http_server:2.2.0:::::::*
cpe:2.3:a:apache:http_server:2.2.10:::::::*
cpe:2.3:a:apache:http_server:2.2.13:::::::*
cpe:2.3:a:apache:http_server:2.2.2:::::::*
cpe:2.3:a:apache:http_server:2.2.4:::::::*
cpe:2.3:a:apache:http_server:2.2.16:::::::*
cpe:2.3:a:apache:http_server:2.2.21:::::::*
cpe:2.3:a:apache:http_server:2.2.8:::::::*
cpe:2.3:a:apache:http_server:2.2.14:::::::*
cpe:2.3:a:apache:http_server:2.2.6:::::::*
cpe:2.3:a:apache:http_server:2.2.19:::::::*
cpe:2.3:a:apache:http_server:2.2.9:::::::*
cpe:2.3:a:apache:http_server:2.2.18:::::::*
cpe:2.3:a:apache:http_server:2.2.12:::::::*
cpe:2.3:a:apache:http_server:2.2.3:::::::*
cpe:2.3:a:apache:http_server:2.2.15:::::::*
cpe:2.3:a:apache:http_server:2.2.20:::::::*
cpe:2.3:a:apache:http_server:2.2.1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://kb.juniper.net/JSA10585
2	http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
3	http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
4	http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
5	http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
6	http://marc.info/?l=bugtraq&m=133294460209056&w=2
7	http://marc.info/?l=bugtraq&m=133294460209056&w=2
8	http://marc.info/?l=bugtraq&m=134987041210674&w=2
9	http://marc.info/?l=bugtraq&m=134987041210674&w=2
10	http://osvdb.org/76079
11	http://rhn.redhat.com/errata/RHSA-2012-0542.html
12	http://rhn.redhat.com/errata/RHSA-2012-0543.html
13	http://seclists.org/fulldisclosure/2011/Oct/232
14	http://seclists.org/fulldisclosure/2011/Oct/273
15	http://secunia.com/advisories/46288
16	http://secunia.com/advisories/46414
17	http://secunia.com/advisories/48551
18	http://support.apple.com/kb/HT5501
19	http://svn.apache.org/viewvc?view=revision&revision=1179239	Patch
20	http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt	Exploit Patch
21	http://www.contextis.com/research/blog/reverseproxybypass/
22	http://www.debian.org/security/2012/dsa-2405
23	http://www.exploit-db.com/exploits/17969
24	http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
25	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
26	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
27	http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
28	http://www.redhat.com/support/errata/RHSA-2011-1391.html
29	http://www.redhat.com/support/errata/RHSA-2011-1392.html
30	http://www.securityfocus.com/bid/49957
31	http://www.securitytracker.com/id?1026144
32	http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
33	http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
34	https://bugzilla.redhat.com/show_bug.cgi?id=740045	Exploit Patch
35	https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
36	https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
37	https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
38	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
39	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
40	https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
41	https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
42	https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
43	https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
44	https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
45	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
46	https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
47	https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
48	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
49	https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
50	https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
51	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
52	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
53	https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
54	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
55	https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
56	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
57	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
58	http://kb.juniper.net/JSA10585
59	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
60	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
61	https://lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
62	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
63	https://lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
64	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
65	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
66	https://lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
67	https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
68	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
69	https://lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
70	https://lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
71	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
72	https://lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
73	https://lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
74	https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
75	https://lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
76	https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
77	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
78	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
79	https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
80	https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
81	https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
82	https://bugzilla.redhat.com/show_bug.cgi?id=740045	Exploit Patch
83	http://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
84	http://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
85	http://www.securitytracker.com/id?1026144
86	http://www.securityfocus.com/bid/49957
87	http://www.redhat.com/support/errata/RHSA-2011-1392.html
88	http://www.redhat.com/support/errata/RHSA-2011-1391.html
89	http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
90	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
91	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
92	http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
93	http://www.exploit-db.com/exploits/17969
94	http://www.debian.org/security/2012/dsa-2405
95	http://www.contextis.com/research/blog/reverseproxybypass/
96	http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt	Exploit Patch
97	http://svn.apache.org/viewvc?view=revision&revision=1179239	Patch
98	http://support.apple.com/kb/HT5501
99	http://secunia.com/advisories/48551
100	http://secunia.com/advisories/46414
101	http://secunia.com/advisories/46288
102	http://seclists.org/fulldisclosure/2011/Oct/273
103	http://seclists.org/fulldisclosure/2011/Oct/232
104	http://rhn.redhat.com/errata/RHSA-2012-0543.html
105	http://rhn.redhat.com/errata/RHSA-2012-0542.html
106	http://osvdb.org/76079
107	http://marc.info/?l=bugtraq&m=134987041210674&w=2
108	http://marc.info/?l=bugtraq&m=134987041210674&w=2
109	http://marc.info/?l=bugtraq&m=133294460209056&w=2
110	http://marc.info/?l=bugtraq&m=133294460209056&w=2
111	http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
112	http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
113	http://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
114	http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:1.3.38:::::::*
cpe:2.3:a:apache:http_server:1.3.23:::::::*
cpe:2.3:a:apache:http_server:1.3.27:::::::*
cpe:2.3:a:apache:http_server:1.3.10:::::::*
cpe:2.3:a:apache:http_server:1.3.33:::::::*
cpe:2.3:a:apache:http_server:1.3.8:::::::*
cpe:2.3:a:apache:http_server:1.3.36:::::::*
cpe:2.3:a:apache:http_server:1.3.16:::::::*
cpe:2.3:a:apache:http_server:1.3.1:::::::*
cpe:2.3:a:apache:http_server:1.3.25:::::::*
cpe:2.3:a:apache:http_server:1.3.28:::::::*
cpe:2.3:a:apache:http_server:1.3.19:::::::*
cpe:2.3:a:apache:http_server:1.3.31:::::::*
cpe:2.3:a:apache:http_server:1.3.68:::::::*
cpe:2.3:a:apache:http_server:1.3.24:::::::*
cpe:2.3:a:apache:http_server:1.3.5:::::::*
cpe:2.3:a:apache:http_server:1.3.20:::::::*
cpe:2.3:a:apache:http_server:1.3.35:::::::*
cpe:2.3:a:apache:http_server:1.3.6:::::::*
cpe:2.3:a:apache:http_server:1.3.2:::::::*
cpe:2.3:a:apache:http_server:1.3.34:::::::*
cpe:2.3:a:apache:http_server:1.3.4:::::::*
cpe:2.3:a:apache:http_server:1.3.13:::::::*
cpe:2.3:a:apache:http_server:1.3.39:::::::*
cpe:2.3:a:apache:http_server:1.3.30:::::::*
cpe:2.3:a:apache:http_server:1.3.18:::::::*
cpe:2.3:a:apache:http_server:1.3.65:::::::*
cpe:2.3:a:apache:http_server:1.3.0:::::::*
cpe:2.3:a:apache:http_server:1.3:::::::*
cpe:2.3:a:apache:http_server:1.3.12:::::::*
cpe:2.3:a:apache:http_server:1.3.3:::::::*
cpe:2.3:a:apache:http_server:1.3.17:::::::*
cpe:2.3:a:apache:http_server:1.3.1.1:::::::*
cpe:2.3:a:apache:http_server:1.3.26:::::::*
cpe:2.3:a:apache:http_server:1.3.9:::::::*
cpe:2.3:a:apache:http_server:1.3.32:::::::*
cpe:2.3:a:apache:http_server:1.3.15:::::::*
cpe:2.3:a:apache:http_server:1.3.14:::::::*
cpe:2.3:a:apache:http_server:1.3.42:::::::*
cpe:2.3:a:apache:http_server:1.3.29:::::::*
cpe:2.3:a:apache:http_server:1.3.22:::::::*
cpe:2.3:a:apache:http_server:1.3.37:::::::*
cpe:2.3:a:apache:http_server:1.3.11:::::::*
cpe:2.3:a:apache:http_server:1.3.7:::::::*
cpe:2.3:a:apache:http_server:1.3.41:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:2.0.42:::::::*
cpe:2.3:a:apache:http_server:2.0.64:::::::*
cpe:2.3:a:apache:http_server:2.0.58:::::::*
cpe:2.3:a:apache:http_server:2.0.47:::::::*
cpe:2.3:a:apache:http_server:2.0.56:::::::*
cpe:2.3:a:apache:http_server:2.0.50:::::::*
cpe:2.3:a:apache:http_server:2.0.35:::::::*
cpe:2.3:a:apache:http_server:2.0.37:::::::*
cpe:2.3:a:apache:http_server:2.0.55:::::::*
cpe:2.3:a:apache:http_server:2.0.44:::::::*
cpe:2.3:a:apache:http_server:2.0.39:::::::*
cpe:2.3:a:apache:http_server:2.0.52:::::::*
cpe:2.3:a:apache:http_server:2.0.53:::::::*
cpe:2.3:a:apache:http_server:2.0.57:::::::*
cpe:2.3:a:apache:http_server:2.0.51:::::::*
cpe:2.3:a:apache:http_server:2.0.28:beta::::::
cpe:2.3:a:apache:http_server:2.0.63:::::::*
cpe:2.3:a:apache:http_server:2.0.41:::::::*
cpe:2.3:a:apache:http_server:2.0.49:::::::*
cpe:2.3:a:apache:http_server:2.0.9:::::::*
cpe:2.3:a:apache:http_server:2.0.34:beta::::::
cpe:2.3:a:apache:http_server:2.0.61:::::::*
cpe:2.3:a:apache:http_server:2.0.32:::::::*
cpe:2.3:a:apache:http_server:2.0.38:::::::*
cpe:2.3:a:apache:http_server:2.0.48:::::::*
cpe:2.3:a:apache:http_server:2.0.45:::::::*
cpe:2.3:a:apache:http_server:2.0.40:::::::*
cpe:2.3:a:apache:http_server:2.0.36:::::::*
cpe:2.3:a:apache:http_server:2.0.46:::::::*
cpe:2.3:a:apache:http_server:2.0.54:::::::*
cpe:2.3:a:apache:http_server:2.0.43:::::::*
cpe:2.3:a:apache:http_server:2.0.59:::::::*
cpe:2.3:a:apache:http_server:2.0.28:::::::*
cpe:2.3:a:apache:http_server:2.0:::::::*
cpe:2.3:a:apache:http_server:2.0.32:beta::::::
cpe:2.3:a:apache:http_server:2.0.60:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:2.2.11:::::::*
cpe:2.3:a:apache:http_server:2.2.0:::::::*
cpe:2.3:a:apache:http_server:2.2.10:::::::*
cpe:2.3:a:apache:http_server:2.2.13:::::::*
cpe:2.3:a:apache:http_server:2.2.2:::::::*
cpe:2.3:a:apache:http_server:2.2.4:::::::*
cpe:2.3:a:apache:http_server:2.2.16:::::::*
cpe:2.3:a:apache:http_server:2.2.21:::::::*
cpe:2.3:a:apache:http_server:2.2.8:::::::*
cpe:2.3:a:apache:http_server:2.2.14:::::::*
cpe:2.3:a:apache:http_server:2.2.6:::::::*
cpe:2.3:a:apache:http_server:2.2.19:::::::*
cpe:2.3:a:apache:http_server:2.2.9:::::::*
cpe:2.3:a:apache:http_server:2.2.18:::::::*
cpe:2.3:a:apache:http_server:2.2.12:::::::*
cpe:2.3:a:apache:http_server:2.2.3:::::::*
cpe:2.3:a:apache:http_server:2.2.15:::::::*
cpe:2.3:a:apache:http_server:2.2.20:::::::*
cpe:2.3:a:apache:http_server:2.2.1:::::::*