製品・ソフトウェアに関する情報

JVN脆弱性詳細

Apache HTTP Server の mod_proxy モジュールにおけるイントラネットサーバにリクエストを送信される脆弱性

Title	Apache HTTP Server の mod_proxy モジュールにおけるイントラネットサーバにリクエストを送信される脆弱性
Summary	Apache HTTP Server の mod_proxy モジュールは、リビジョン 1179239 パッチが適用されているとき、リバースプロキシの設定に対しての (1) RewriteRule、および (2) ProxyPassMatch のパターンマッチを適切に処理しないため、イントラネットサーバにリクエストを送信される脆弱性が存在します。本脆弱性は CVE-2011-3368 の修正が不完全だったことによる脆弱性です。
Possible impacts	第三者により、@ (アットマーク) を含む、および : (コロン) の位置が適切でない、不正な形式の URI を介して、イントラネットサーバにリクエストを送信される可能性があります。
Solution	ベンダ情報及び参考情報を参照して適切な対策を実施してください。
Publication Date	Nov. 30, 2011, midnight
Registration Date	Dec. 1, 2011, 4:46 p.m.
Last Update	Jan. 30, 2015, 5:59 p.m.

CVSS2.0 : 警告
Score	4.3
Vector	AV:N/AC:M/Au:N/C:N/I:P/A:N

Affected System

ヒューレット・パッカード

HP Secure Web Server for OpenVMS V2.2 およびそれ以前のバージョン

HP System Management Homepage 7.1.1 未満 (*)

Apache Software Foundation

Apache HTTP Server 1.3.x から 1.3.42

Apache HTTP Server 2.0.x から 2.0.64

Apache HTTP Server 2.2.x から 2.2.21

オラクル

Oracle Application Server 10.1.3.5

Oracle HTTP Server 11.1.1.5

Oracle HTTP Server 11.1.1.6

Oracle HTTP Server 11.1.2.0

SPARC Enterprise M3000 サーバ

SPARC Enterprise M4000 サーバ

SPARC Enterprise M5000 サーバ

SPARC Enterprise M8000 サーバ

SPARC Enterprise M9000 サーバ

XCP 1118 未満

アップル

Apple Mac OS X v10.6.8

Apple Mac OS X v10.7 から v10.7.4

Apple Mac OS X Server v10.6.8

Apple Mac OS X Server v10.7 から v10.7.4

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-4317	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4317
National Vulnerability Database (NVD)
2	CVE-2011-4317	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-4317
SECURITY BLOG
3	CVE-2011-4317 Improper Input Validation vulnerability in Apache HTTP Server	https://blogs.oracle.com/sunsecurity/entry/cve_2011_4317_improper_input

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-20	https://jvndb.jvn.jp/ja/cwe/CWE-20.html

ベンダー情報

No	Name	URL
Apache Software Foundation
1	Top Page	http://httpd.apache.org/
Apple Mailing Lists
2	APPLE-SA-2012-09-19-2	http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Apple Security Updates
3	HT5501	http://support.apple.com/kb/HT5501
Apple セキュリティアップデート
4	HT5501	http://support.apple.com/kb/HT5501?viewlocale=ja_JP
HP Support document
5	HPSBMU02786 SSRT100877	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
6	HPSBOV02822 SSRT100966	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03517954
mandriva
7	MDVSA-2012:003	http://www.mandriva.com/security/advisories?name=MDVSA-2012:003
8	MDVSA-2013:150	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
opensuse-updates
9	openSUSE-SU-2013:0243	http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
10	openSUSE-SU-2013:0248	http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
Oracle Critical Patch Update
11	Oracle Critical Patch Update Advisory - January 2015	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
12	Oracle Critical Patch Update Advisory - July 2012	http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
13	Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujan2015verbose-1972976.html
14	Text Form of Oracle Critical Patch Update - July 2012 Risk Matrices	http://www.oracle.com/technetwork/topics/security/cpujul2012verbose-392736.html
Red Hat Bugzilla
15	Bug 756483	https://bugzilla.redhat.com/show_bug.cgi?id=756483
Red Hat Security Advisory
16	RHSA-2012:0128	http://rhn.redhat.com/errata/RHSA-2012-0128.html
SECURITY BLOG
17	January 2015 Critical Patch Update Released	https://blogs.oracle.com/security/entry/january_2015_critical_patch_update
18	July 2012 Critical Patch Update Released	https://blogs.oracle.com/security/entry/july_2012_critical_patch_update
19	Multiple vulnerabilities in Apache HTTP Server 1.3	https://blogs.oracle.com/sunsecurity/entry/multiple_vulnerabilities_in_apache_http1
Security Bulletin
20	JSA10585	http://kb.juniper.net/JSA10585

その他

No	Name	URL
関連文書
1	[RFC] further proxy/rewrite URL validation security issue (CVE-2011-4317)	http://thread.gmane.org/gmane.comp.apache.devel/46440

Change Log

No	Changed Details	Date of change
0	[2011年12月01日] 掲載 [2012年02月27日] ベンダ情報：レッドハット (RHSA-2012:0128) を追加 [2012年04月20日] ベンダ情報：オラクル (CVE-2011-4317 Improper Input Validation vulnerability in Apache HTTP Server) を追加 [2012年04月27日] ベンダ情報：オラクル (Multiple vulnerabilities in Apache HTTP Server 1.3) を追加 [2012年07月20日] 影響を受けるシステム：オラクル (Oracle Critical Patch Update Advisory - July 2012) の情報を追加ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - July 2012) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - July 2012 Risk Matrices) を追加ベンダ情報：オラクル (July 2012 Critical Patch Update Released) を追加 [2012年11月28日] ベンダ情報：ヒューレット・パッカード (HPSBOV02822 SSRT100966) を追加影響を受けるシステム：ヒューレット・パッカード (HPSBOV02822 SSRT100966) を追加 [2013年02月21日] 影響を受けるシステム：アップル (HT5501) の情報を追加ベンダ情報：アップル (HT5501) を追加 [2013年12月03日] 影響を受けるシステム：ヒューレット・パッカード (HPSBMU02786 SSRT100877) の情報を追加ベンダ情報：ヒューレット・パッカード (HPSBMU02786 SSRT100877) を追加ベンダ情報：レッドハット (Bug 756483) を追加ベンダ情報：Mandriva, Inc. (MDVSA-2013:150) を追加ベンダ情報：Mandriva, Inc. (MDVSA-2012:003) を追加ベンダ情報：アップル (APPLE-SA-2012-09-19-2) を追加ベンダ情報：Novell (openSUSE-SU-2013:0248) を追加ベンダ情報：Novell (openSUSE-SU-2013:0243) を追加ベンダ情報：ジュニパーネットワークス (JSA10585) を追加参考情報：関連文書 ([RFC] further proxy/rewrite URL validation security issue (CVE-2011-4317) を追加 [2015年01月30日] 影響を受けるシステム：ベンダ情報の追加に伴い内容を更新ベンダ情報：オラクル (Oracle Critical Patch Update Advisory - January 2015) を追加ベンダ情報：オラクル (Text Form of Oracle Critical Patch Update - January 2015 Risk Matrices) を追加ベンダ情報：オラクル (January 2015 Critical Patch Update Released) を追加	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-4317

Summary	The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
Publication Date	Nov. 30, 2011, 1:05 p.m.
Registration Date	Jan. 28, 2021, 4:39 p.m.
Last Update	Nov. 21, 2024, 10:32 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:1.3.38:::::::*
cpe:2.3:a:apache:http_server:1.3.23:::::::*
cpe:2.3:a:apache:http_server:1.3.27:::::::*
cpe:2.3:a:apache:http_server:1.3.10:::::::*
cpe:2.3:a:apache:http_server:1.3.33:::::::*
cpe:2.3:a:apache:http_server:1.3.8:::::::*
cpe:2.3:a:apache:http_server:1.3.36:::::::*
cpe:2.3:a:apache:http_server:1.3.16:::::::*
cpe:2.3:a:apache:http_server:1.3.1:::::::*
cpe:2.3:a:apache:http_server:1.3.25:::::::*
cpe:2.3:a:apache:http_server:1.3.28:::::::*
cpe:2.3:a:apache:http_server:1.3.19:::::::*
cpe:2.3:a:apache:http_server:1.3.31:::::::*
cpe:2.3:a:apache:http_server:1.3.68:::::::*
cpe:2.3:a:apache:http_server:1.3.24:::::::*
cpe:2.3:a:apache:http_server:1.3.5:::::::*
cpe:2.3:a:apache:http_server:1.3.20:::::::*
cpe:2.3:a:apache:http_server:1.3.35:::::::*
cpe:2.3:a:apache:http_server:1.3.6:::::::*
cpe:2.3:a:apache:http_server:1.3.2:::::::*
cpe:2.3:a:apache:http_server:1.3.34:::::::*
cpe:2.3:a:apache:http_server:1.3.4:::::::*
cpe:2.3:a:apache:http_server:1.3.13:::::::*
cpe:2.3:a:apache:http_server:1.3.39:::::::*
cpe:2.3:a:apache:http_server:1.3.30:::::::*
cpe:2.3:a:apache:http_server:1.3.18:::::::*
cpe:2.3:a:apache:http_server:1.3.65:::::::*
cpe:2.3:a:apache:http_server:1.3.0:::::::*
cpe:2.3:a:apache:http_server:1.3:::::::*
cpe:2.3:a:apache:http_server:1.3.12:::::::*
cpe:2.3:a:apache:http_server:1.3.3:::::::*
cpe:2.3:a:apache:http_server:1.3.17:::::::*
cpe:2.3:a:apache:http_server:1.3.1.1:::::::*
cpe:2.3:a:apache:http_server:1.3.26:::::::*
cpe:2.3:a:apache:http_server:1.3.9:::::::*
cpe:2.3:a:apache:http_server:1.3.32:::::::*
cpe:2.3:a:apache:http_server:1.3.15:::::::*
cpe:2.3:a:apache:http_server:1.3.14:::::::*
cpe:2.3:a:apache:http_server:1.3.42:::::::*
cpe:2.3:a:apache:http_server:1.3.29:::::::*
cpe:2.3:a:apache:http_server:1.3.22:::::::*
cpe:2.3:a:apache:http_server:1.3.37:::::::*
cpe:2.3:a:apache:http_server:1.3.11:::::::*
cpe:2.3:a:apache:http_server:1.3.7:::::::*
cpe:2.3:a:apache:http_server:1.3.41:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:2.0.42:::::::*
cpe:2.3:a:apache:http_server:2.0.64:::::::*
cpe:2.3:a:apache:http_server:2.0.58:::::::*
cpe:2.3:a:apache:http_server:2.0.47:::::::*
cpe:2.3:a:apache:http_server:2.0.56:::::::*
cpe:2.3:a:apache:http_server:2.0.50:::::::*
cpe:2.3:a:apache:http_server:2.0.35:::::::*
cpe:2.3:a:apache:http_server:2.0.37:::::::*
cpe:2.3:a:apache:http_server:2.0.55:::::::*
cpe:2.3:a:apache:http_server:2.0.44:::::::*
cpe:2.3:a:apache:http_server:2.0.39:::::::*
cpe:2.3:a:apache:http_server:2.0.52:::::::*
cpe:2.3:a:apache:http_server:2.0.53:::::::*
cpe:2.3:a:apache:http_server:2.0.57:::::::*
cpe:2.3:a:apache:http_server:2.0.51:::::::*
cpe:2.3:a:apache:http_server:2.0.28:beta::::::
cpe:2.3:a:apache:http_server:2.0.63:::::::*
cpe:2.3:a:apache:http_server:2.0.41:::::::*
cpe:2.3:a:apache:http_server:2.0.49:::::::*
cpe:2.3:a:apache:http_server:2.0.9:::::::*
cpe:2.3:a:apache:http_server:2.0.34:beta::::::
cpe:2.3:a:apache:http_server:2.0.61:::::::*
cpe:2.3:a:apache:http_server:2.0.32:::::::*
cpe:2.3:a:apache:http_server:2.0.38:::::::*
cpe:2.3:a:apache:http_server:2.0.48:::::::*
cpe:2.3:a:apache:http_server:2.0.45:::::::*
cpe:2.3:a:apache:http_server:2.0.40:::::::*
cpe:2.3:a:apache:http_server:2.0.36:::::::*
cpe:2.3:a:apache:http_server:2.0.46:::::::*
cpe:2.3:a:apache:http_server:2.0.54:::::::*
cpe:2.3:a:apache:http_server:2.0.43:::::::*
cpe:2.3:a:apache:http_server:2.0.59:::::::*
cpe:2.3:a:apache:http_server:2.0.28:::::::*
cpe:2.3:a:apache:http_server:2.0:::::::*
cpe:2.3:a:apache:http_server:2.0.32:beta::::::
cpe:2.3:a:apache:http_server:2.0.60:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:2.2.11:::::::*
cpe:2.3:a:apache:http_server:2.2.0:::::::*
cpe:2.3:a:apache:http_server:2.2.10:::::::*
cpe:2.3:a:apache:http_server:2.2.13:::::::*
cpe:2.3:a:apache:http_server:2.2.2:::::::*
cpe:2.3:a:apache:http_server:2.2.4:::::::*
cpe:2.3:a:apache:http_server:2.2.16:::::::*
cpe:2.3:a:apache:http_server:2.2.21:::::::*
cpe:2.3:a:apache:http_server:2.2.8:::::::*
cpe:2.3:a:apache:http_server:2.2.14:::::::*
cpe:2.3:a:apache:http_server:2.2.6:::::::*
cpe:2.3:a:apache:http_server:2.2.19:::::::*
cpe:2.3:a:apache:http_server:2.2.9:::::::*
cpe:2.3:a:apache:http_server:2.2.18:::::::*
cpe:2.3:a:apache:http_server:2.2.12:::::::*
cpe:2.3:a:apache:http_server:2.2.3:::::::*
cpe:2.3:a:apache:http_server:2.2.15:::::::*
cpe:2.3:a:apache:http_server:2.2.20:::::::*
cpe:2.3:a:apache:http_server:2.2.1:::::::*

Related information, measures and tools

No	URL	タグ
1	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
2	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
3	http://kb.juniper.net/JSA10585
4	http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
5	http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
6	http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
7	http://marc.info/?l=bugtraq&m=133294460209056&w=2
8	http://marc.info/?l=bugtraq&m=133294460209056&w=2
9	http://marc.info/?l=bugtraq&m=134987041210674&w=2
10	http://marc.info/?l=bugtraq&m=134987041210674&w=2
11	http://rhn.redhat.com/errata/RHSA-2012-0128.html
12	http://secunia.com/advisories/48551
13	http://support.apple.com/kb/HT5501
14	http://thread.gmane.org/gmane.comp.apache.devel/46440	Exploit
15	http://www.debian.org/security/2012/dsa-2405
16	http://www.mandriva.com/security/advisories?name=MDVSA-2012:003
17	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
18	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
19	http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
20	http://www.securitytracker.com/id?1026353
21	https://bugzilla.redhat.com/show_bug.cgi?id=756483
22	https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue	Exploit
23	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
24	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
25	https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E
26	https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
27	https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
28	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
29	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
30	https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E
31	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
32	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
33	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
34	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
35	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
36	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
37	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
38	https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
39	https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
40	https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
41	https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
42	https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
43	https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
44	https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E
45	https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
46	https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
47	https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
48	https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
49	https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E
50	https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
51	https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
52	https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue	Exploit
53	https://bugzilla.redhat.com/show_bug.cgi?id=756483
54	http://www.securitytracker.com/id?1026353
55	http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
56	http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
57	http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
58	http://www.mandriva.com/security/advisories?name=MDVSA-2012:003
59	http://www.debian.org/security/2012/dsa-2405
60	http://thread.gmane.org/gmane.comp.apache.devel/46440	Exploit
61	http://support.apple.com/kb/HT5501
62	http://secunia.com/advisories/48551
63	http://rhn.redhat.com/errata/RHSA-2012-0128.html
64	http://marc.info/?l=bugtraq&m=134987041210674&w=2
65	http://marc.info/?l=bugtraq&m=134987041210674&w=2
66	http://marc.info/?l=bugtraq&m=133294460209056&w=2
67	http://marc.info/?l=bugtraq&m=133294460209056&w=2
68	http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
69	http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
70	http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
71	http://kb.juniper.net/JSA10585
72	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-20	不適切な入力確認	https://cwe.mitre.org/data/definitions/20.html

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:1.3.38:::::::*
cpe:2.3:a:apache:http_server:1.3.23:::::::*
cpe:2.3:a:apache:http_server:1.3.27:::::::*
cpe:2.3:a:apache:http_server:1.3.10:::::::*
cpe:2.3:a:apache:http_server:1.3.33:::::::*
cpe:2.3:a:apache:http_server:1.3.8:::::::*
cpe:2.3:a:apache:http_server:1.3.36:::::::*
cpe:2.3:a:apache:http_server:1.3.16:::::::*
cpe:2.3:a:apache:http_server:1.3.1:::::::*
cpe:2.3:a:apache:http_server:1.3.25:::::::*
cpe:2.3:a:apache:http_server:1.3.28:::::::*
cpe:2.3:a:apache:http_server:1.3.19:::::::*
cpe:2.3:a:apache:http_server:1.3.31:::::::*
cpe:2.3:a:apache:http_server:1.3.68:::::::*
cpe:2.3:a:apache:http_server:1.3.24:::::::*
cpe:2.3:a:apache:http_server:1.3.5:::::::*
cpe:2.3:a:apache:http_server:1.3.20:::::::*
cpe:2.3:a:apache:http_server:1.3.35:::::::*
cpe:2.3:a:apache:http_server:1.3.6:::::::*
cpe:2.3:a:apache:http_server:1.3.2:::::::*
cpe:2.3:a:apache:http_server:1.3.34:::::::*
cpe:2.3:a:apache:http_server:1.3.4:::::::*
cpe:2.3:a:apache:http_server:1.3.13:::::::*
cpe:2.3:a:apache:http_server:1.3.39:::::::*
cpe:2.3:a:apache:http_server:1.3.30:::::::*
cpe:2.3:a:apache:http_server:1.3.18:::::::*
cpe:2.3:a:apache:http_server:1.3.65:::::::*
cpe:2.3:a:apache:http_server:1.3.0:::::::*
cpe:2.3:a:apache:http_server:1.3:::::::*
cpe:2.3:a:apache:http_server:1.3.12:::::::*
cpe:2.3:a:apache:http_server:1.3.3:::::::*
cpe:2.3:a:apache:http_server:1.3.17:::::::*
cpe:2.3:a:apache:http_server:1.3.1.1:::::::*
cpe:2.3:a:apache:http_server:1.3.26:::::::*
cpe:2.3:a:apache:http_server:1.3.9:::::::*
cpe:2.3:a:apache:http_server:1.3.32:::::::*
cpe:2.3:a:apache:http_server:1.3.15:::::::*
cpe:2.3:a:apache:http_server:1.3.14:::::::*
cpe:2.3:a:apache:http_server:1.3.42:::::::*
cpe:2.3:a:apache:http_server:1.3.29:::::::*
cpe:2.3:a:apache:http_server:1.3.22:::::::*
cpe:2.3:a:apache:http_server:1.3.37:::::::*
cpe:2.3:a:apache:http_server:1.3.11:::::::*
cpe:2.3:a:apache:http_server:1.3.7:::::::*
cpe:2.3:a:apache:http_server:1.3.41:::::::*

Configuration2	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:2.0.42:::::::*
cpe:2.3:a:apache:http_server:2.0.64:::::::*
cpe:2.3:a:apache:http_server:2.0.58:::::::*
cpe:2.3:a:apache:http_server:2.0.47:::::::*
cpe:2.3:a:apache:http_server:2.0.56:::::::*
cpe:2.3:a:apache:http_server:2.0.50:::::::*
cpe:2.3:a:apache:http_server:2.0.35:::::::*
cpe:2.3:a:apache:http_server:2.0.37:::::::*
cpe:2.3:a:apache:http_server:2.0.55:::::::*
cpe:2.3:a:apache:http_server:2.0.44:::::::*
cpe:2.3:a:apache:http_server:2.0.39:::::::*
cpe:2.3:a:apache:http_server:2.0.52:::::::*
cpe:2.3:a:apache:http_server:2.0.53:::::::*
cpe:2.3:a:apache:http_server:2.0.57:::::::*
cpe:2.3:a:apache:http_server:2.0.51:::::::*
cpe:2.3:a:apache:http_server:2.0.28:beta::::::
cpe:2.3:a:apache:http_server:2.0.63:::::::*
cpe:2.3:a:apache:http_server:2.0.41:::::::*
cpe:2.3:a:apache:http_server:2.0.49:::::::*
cpe:2.3:a:apache:http_server:2.0.9:::::::*
cpe:2.3:a:apache:http_server:2.0.34:beta::::::
cpe:2.3:a:apache:http_server:2.0.61:::::::*
cpe:2.3:a:apache:http_server:2.0.32:::::::*
cpe:2.3:a:apache:http_server:2.0.38:::::::*
cpe:2.3:a:apache:http_server:2.0.48:::::::*
cpe:2.3:a:apache:http_server:2.0.45:::::::*
cpe:2.3:a:apache:http_server:2.0.40:::::::*
cpe:2.3:a:apache:http_server:2.0.36:::::::*
cpe:2.3:a:apache:http_server:2.0.46:::::::*
cpe:2.3:a:apache:http_server:2.0.54:::::::*
cpe:2.3:a:apache:http_server:2.0.43:::::::*
cpe:2.3:a:apache:http_server:2.0.59:::::::*
cpe:2.3:a:apache:http_server:2.0.28:::::::*
cpe:2.3:a:apache:http_server:2.0:::::::*
cpe:2.3:a:apache:http_server:2.0.32:beta::::::
cpe:2.3:a:apache:http_server:2.0.60:::::::*

Configuration3	or higher	or less	more than	less than
cpe:2.3:a:apache:http_server:2.2.11:::::::*
cpe:2.3:a:apache:http_server:2.2.0:::::::*
cpe:2.3:a:apache:http_server:2.2.10:::::::*
cpe:2.3:a:apache:http_server:2.2.13:::::::*
cpe:2.3:a:apache:http_server:2.2.2:::::::*
cpe:2.3:a:apache:http_server:2.2.4:::::::*
cpe:2.3:a:apache:http_server:2.2.16:::::::*
cpe:2.3:a:apache:http_server:2.2.21:::::::*
cpe:2.3:a:apache:http_server:2.2.8:::::::*
cpe:2.3:a:apache:http_server:2.2.14:::::::*
cpe:2.3:a:apache:http_server:2.2.6:::::::*
cpe:2.3:a:apache:http_server:2.2.19:::::::*
cpe:2.3:a:apache:http_server:2.2.9:::::::*
cpe:2.3:a:apache:http_server:2.2.18:::::::*
cpe:2.3:a:apache:http_server:2.2.12:::::::*
cpe:2.3:a:apache:http_server:2.2.3:::::::*
cpe:2.3:a:apache:http_server:2.2.15:::::::*
cpe:2.3:a:apache:http_server:2.2.20:::::::*
cpe:2.3:a:apache:http_server:2.2.1:::::::*