What is CVE-2011-4317?

CVE-2011-4317 is a vulnerability in Apache Http_server, classified under Improper Input Validation. Published 2011-11-30.

Is CVE-2011-4317 known to be exploited?

24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apache Http_server

CVE-2011-4317

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.794 (99.1th percentile) — read the EPSS interpretation.

Affected products

Apache Http_server — versions 1.3, 1.3.0, 1.3.1
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

secalert@redhat.com (Exploit, x_refsource_MISC)
HPSBMU02786 (x_refsource_HP, vendor-advisory)
SSRT100966 (x_refsource_HP, vendor-advisory)
SSRT100772 (x_refsource_HP, vendor-advisory)
RHSA-2012:0128 (x_refsource_REDHAT, vendor-advisory)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM)
secalert@redhat.com (x_refsource_CONFIRM, Exploit)
APPLE-SA-2012-09-19-2 (vendor-advisory, x_refsource_APPLE)
secalert@redhat.com (x_refsource_CONFIRM)

Frequently asked questions

What is CVE-2011-4317?: CVE-2011-4317 is a vulnerability in Apache Http_server, classified under Improper Input Validation. Published 2011-11-30.
Is CVE-2011-4317 known to be exploited?: 24 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.