What is CVE-2011-3639?

CVE-2011-3639 is a vulnerability in Apache Http_server, classified under Improper Input Validation. Published 2011-11-30.

Is CVE-2011-3639 known to be exploited?

24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apache Http_server

CVE-2011-3639

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for con…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.525 (98.8th percentile) — read the EPSS interpretation.

Affected products

Apache Http_server — versions 2.0.11, 2.0.12, 2.0.13
Apache Http_server2.0a1
Apache Http_server2.0a2
Apache Http_server2.0a3
Apache Http_server2.0a4
Apache Http_server2.0a5
Apache Http_server2.0a6
Apache Http_server2.0a7
Apache Http_server2.0a8
Apache Http_server2.0a9

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

secalert@redhat.com (x_refsource_CONFIRM)
RHSA-2012:0128 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
DSA-2405 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2011-3639?: CVE-2011-3639 is a vulnerability in Apache Http_server, classified under Improper Input Validation. Published 2011-11-30.
Is CVE-2011-3639 known to be exploited?: 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.