{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2011-11-15T00:00:00", "descriptions": [{"lang": "en", "value": "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-12-28T20:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080"}, {"name": "RHSA-2012:0128", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1188745"}, {"name": "DSA-2405", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2012/dsa-2405"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T23:37:48.644Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080"}, {"name": "RHSA-2012:0128", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://svn.apache.org/viewvc?view=revision&revision=1188745"}, {"name": "DSA-2405", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2012/dsa-2405"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2011-3639", "datePublished": "2011-11-30T02:00:00", "dateReserved": "2011-09-21T00:00:00", "dateUpdated": "2024-08-06T23:37:48.644Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:2.0.11:*:*:*:*:*:*:*", "matchCriteriaId": "DAF992CB-14FF-409B-8DCD-BA967C077DDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.12:*:*:*:*:*:*:*", "matchCriteriaId": "DA66C097-3E40-4B73-814F-DDC0DECED68D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.13:*:*:*:*:*:*:*", "matchCriteriaId": "8AC5F497-E7C4-4C65-AB39-26AC6D9AB16F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.14:*:*:*:*:*:*:*", "matchCriteriaId": "A14055E2-3AF4-4067-B36F-2196A80630AC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.15:*:*:*:*:*:*:*", "matchCriteriaId": "877CA12A-4033-4D7A-B952-F03E4A47CDD3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.16:*:*:*:*:*:*:*", "matchCriteriaId": "C13C842A-F5C7-463C-AFEF-83CB37DDD143", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.17:*:*:*:*:*:*:*", "matchCriteriaId": "AD5AC2F3-591D-479C-9675-4D805A518B55", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.18:*:*:*:*:*:*:*", "matchCriteriaId": "3F4491F3-3444-4FDF-B5BE-2B122E85372D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.19:*:*:*:*:*:*:*", "matchCriteriaId": "DB9F4D77-D462-4ACD-B398-C0B246743436", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.20:*:*:*:*:*:*:*", "matchCriteriaId": "30815053-E2D2-4D80-A98F-A439A8390DAC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.21:*:*:*:*:*:*:*", "matchCriteriaId": "E1458538-C8F6-4B15-A9BC-A991FB96E58C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.22:*:*:*:*:*:*:*", "matchCriteriaId": "5625759C-0695-44AD-BF4D-B52C8783CF7B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.23:*:*:*:*:*:*:*", "matchCriteriaId": "0559B21D-AB40-4F99-87DA-0792A198FE9F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.24:*:*:*:*:*:*:*", "matchCriteriaId": "44C1AC64-7048-4B92-A5EC-1267EB639B97", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.25:*:*:*:*:*:*:*", "matchCriteriaId": "3BC97B2F-08DD-418D-B811-DDD0B886F3B6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.26:*:*:*:*:*:*:*", "matchCriteriaId": "59503E54-2D6E-4116-A54D-857729AEFC4F", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.27:*:*:*:*:*:*:*", "matchCriteriaId": "5970F4D6-D6F9-48D9-A720-C0B48946A265", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.28:*:*:*:*:*:*:*", "matchCriteriaId": "EB477AFB-EA39-4892-B772-586CF6D2D235", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.29:*:*:*:*:*:*:*", "matchCriteriaId": "8FBF3D87-0F47-4EF1-BD1F-3F8AEB54D759", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.30:*:*:*:*:*:*:*", "matchCriteriaId": "DADE8586-71C7-43E7-92FA-11810376E987", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.31:*:*:*:*:*:*:*", "matchCriteriaId": "C24F551C-B514-4598-8B17-312F739402D3", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.32:*:*:*:*:*:*:*", "matchCriteriaId": "B35906CD-038E-4243-8A95-F0A3A43F06F7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.33:*:*:*:*:*:*:*", "matchCriteriaId": "01BB22DE-1350-41BF-8C3D-B05458A45FB5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.34:*:*:*:*:*:*:*", "matchCriteriaId": "BD008916-D0D6-4FC0-AAB0-5A3F11027E46", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.35:*:*:*:*:*:*:*", "matchCriteriaId": "B940BB85-03F5-46D7-8DC9-2E1E228D3D98", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.36:*:*:*:*:*:*:*", "matchCriteriaId": "82139FFA-2779-4732-AFA5-4E6E19775899", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.37:*:*:*:*:*:*:*", "matchCriteriaId": "B7F717E6-BACD-4C8A-A9C5-516ADA6FEE6C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.38:*:*:*:*:*:*:*", "matchCriteriaId": "08AB120B-2FEC-4EB3-9777-135D81E809AA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.39:*:*:*:*:*:*:*", "matchCriteriaId": "1C7FF669-12E0-4A73-BBA7-250D109148C5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.40:*:*:*:*:*:*:*", "matchCriteriaId": "5AB7B1F1-7202-445D-9F96-135DC0AFB1E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.41:*:*:*:*:*:*:*", "matchCriteriaId": "BCB7EE53-187E-40A9-9865-0F3EDA2B5A4C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.42:*:*:*:*:*:*:*", "matchCriteriaId": "9D06AE8A-9BA8-4AA8-ACEA-326CD001E879", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.43:*:*:*:*:*:*:*", "matchCriteriaId": "2FC1A04B-0466-48AD-89F3-1F2EF1DEBE6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.44:*:*:*:*:*:*:*", "matchCriteriaId": "19F34D08-430E-4331-A27D-667149425176", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.45:*:*:*:*:*:*:*", "matchCriteriaId": "248BDF2C-3E78-49D1-BD9C-60C09A441724", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.46:*:*:*:*:*:*:*", "matchCriteriaId": "BB0FDE3D-1509-4375-8703-0D174D70B22E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.47:*:*:*:*:*:*:*", "matchCriteriaId": "AFE732B5-00C9-4443-97E0-1DF21475C26B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.48:*:*:*:*:*:*:*", "matchCriteriaId": "C79C41D3-6894-4F2D-B8F8-82AB4780A824", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.49:*:*:*:*:*:*:*", "matchCriteriaId": "449A5647-CEA6-4314-9DB8-D086F388E1C7", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.50:*:*:*:*:*:*:*", "matchCriteriaId": "B5A407B7-F432-48F0-916A-A49952F85CA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.51:*:*:*:*:*:*:*", "matchCriteriaId": "6B5AC769-D07D-43C7-B252-A5A812E7D58C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.52:*:*:*:*:*:*:*", "matchCriteriaId": "ADF4DBF6-DAF0-47E7-863B-C48DB7149A78", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.53:*:*:*:*:*:*:*", "matchCriteriaId": "F2F19D71-0A58-4B03-B351-596EB67ECF80", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.54:*:*:*:*:*:*:*", "matchCriteriaId": "5EBB3FF9-CF5A-4E7B-ACE3-A198343AD485", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.55:*:*:*:*:*:*:*", "matchCriteriaId": "D721FFB5-D6D3-4F60-8B09-B3AD07EE6D4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.56:*:*:*:*:*:*:*", "matchCriteriaId": "97E8F32E-C2E5-44E3-A920-F09AF919D372", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.57:*:*:*:*:*:*:*", "matchCriteriaId": "0CF37A82-49B6-45D4-B91D-FDA2D4463A0C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.58:*:*:*:*:*:*:*", "matchCriteriaId": "030D1767-2DF7-48E3-B462-4B49CA751B35", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.59:*:*:*:*:*:*:*", "matchCriteriaId": "5236DC61-5557-4C24-8F5B-F48548448588", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.61:*:*:*:*:*:*:*", "matchCriteriaId": "3B468F9B-2514-425C-9279-0FCAF73BBD18", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.0.63:*:*:*:*:*:*:*", "matchCriteriaId": "59FAFAD0-6B58-431B-BA90-CAE6C72844E9", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "67AD11FB-529C-404E-A13B-284F145322B8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "733D62FE-180A-4AE8-9DBF-DA1DC18C1932", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "CCBBB7FE-35FC-4515-8393-5145339FCE4D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "F519633F-AB68-495A-B85E-FD41F9F752CA", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "A894BED6-C97D-4DA4-A13D-9CB2B3306BC5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.6:*:*:*:*:*:*:*", "matchCriteriaId": "34A847D1-5AD5-4EFD-B165-7602AFC1E656", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.8:*:*:*:*:*:*:*", "matchCriteriaId": "9AF3A0F5-4E5C-4278-9927-1F94F25CCAFC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.9:*:*:*:*:*:*:*", "matchCriteriaId": "AB63EBE5-CF14-491E-ABA5-67116DFE3E5B", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.10:*:*:*:*:*:*:*", "matchCriteriaId": "8C2A33DE-F55F-4FD8-BB00-9C1E006CA65C", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*", "matchCriteriaId": "B1CF6394-95D9-42AF-A442-385EFF9CEFE1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.12:*:*:*:*:*:*:*", "matchCriteriaId": "02B629FB-88C8-4E85-A137-28770F1E524E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.13:*:*:*:*:*:*:*", "matchCriteriaId": "03550EF0-DF89-42FE-BF0E-994514EBD947", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.14:*:*:*:*:*:*:*", "matchCriteriaId": "4886CCAB-6D4E-45C7-B177-2E8DBEA15531", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.15:*:*:*:*:*:*:*", "matchCriteriaId": "C35631AC-7C35-4F6A-A95A-3B080E5210ED", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.16:*:*:*:*:*:*:*", "matchCriteriaId": "6CED2BA6-BE5E-4EF1-88EB-0DADD23D2EEF", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server:2.2.17:*:*:*:*:*:*:*", "matchCriteriaId": "A71F4154-AD20-4EEA-9E2E-D3385C357DA5", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server2.0a1:*:*:*:*:*:*:*:*", "matchCriteriaId": "C46F0F48-193A-4885-9BC0-1BA89829DD6E", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server2.0a2:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE2712B5-6002-43B8-81D9-4DB00BD3D502", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server2.0a3:*:*:*:*:*:*:*:*", "matchCriteriaId": "74A571A2-3C21-4137-A099-FB50017BE7FC", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server2.0a4:*:*:*:*:*:*:*:*", "matchCriteriaId": "364B61B1-D841-459A-BDF2-9B5558768A5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server2.0a5:*:*:*:*:*:*:*:*", "matchCriteriaId": "058B5D4F-43A3-4304-A7C3-110E964312BB", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server2.0a6:*:*:*:*:*:*:*:*", "matchCriteriaId": "0D64BE04-0D98-439D-9E91-E26B466E98E1", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server2.0a7:*:*:*:*:*:*:*:*", "matchCriteriaId": "38C899A1-550E-435F-A9DC-4F6846CBA2A8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server2.0a8:*:*:*:*:*:*:*:*", "matchCriteriaId": "FA768FBC-91C7-49AA-8D59-0A853A007135", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:http_server2.0a9:*:*:*:*:*:*:*:*", "matchCriteriaId": "197CA84D-447E-43B1-B71F-71E92A5937A8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368."}, {"lang": "es", "value": "El m\u00f3dulo mod_proxy en el servidor HTTP Apache v2.0.x hasta v2.0.64 y v2.2.x hasta v2.2.18, cuando la revisi\u00f3n 1179239 se realiza, no interact\u00faa con el uso de patrones de coincidencia (1) RewriteRule y (2) ProxyPassMatch para configuraci\u00f3n de un proxy inverso, lo que permite a atacantes remotos enviar peticiones a servidores de la intranet a trav\u00e9s de URI mal formadas que contienen el caracter '@': caracter en una posici\u00f3n inv\u00e1lida. NOTA: esta vulnerabilidad existe debido a una soluci\u00f3n incompleta para CVE-2011-3368."}], "id": "CVE-2011-3639", "lastModified": "2025-04-11T00:51:21.963", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2011-11-30T04:05:58.437", "references": [{"source": "secalert@redhat.com", "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html"}, {"source": "secalert@redhat.com", "url": "http://svn.apache.org/viewvc?view=revision&revision=1188745"}, {"source": "secalert@redhat.com", "url": "http://www.debian.org/security/2012/dsa-2405"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://rhn.redhat.com/errata/RHSA-2012-0128.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://svn.apache.org/viewvc?view=revision&revision=1188745"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2012/dsa-2405"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2012:0323", "cpe": "cpe:/o:redhat:enterprise_linux:5", "package": "httpd-0:2.2.3-63.el5_8.1", "product_name": "Red Hat Enterprise Linux 5", "release_date": "2012-02-21T00:00:00Z"}, {"advisory": "RHSA-2012:0128", "cpe": "cpe:/o:redhat:enterprise_linux:6", "package": "httpd-0:2.2.15-15.el6_2.1", "product_name": "Red Hat Enterprise Linux 6", "release_date": "2012-02-13T00:00:00Z"}], "bugzilla": {"description": "httpd: http 0.9 request bypass of the reverse proxy vulnerability CVE-2011-3368 fix", "id": "752080", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=752080"}, "csaw": false, "cvss": {"cvss_base_score": "2.6", "cvss_scoring_vector": "AV:N/AC:H/Au:N/C:N/I:P/A:N", "status": "verified"}, "details": ["The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368."], "name": "CVE-2011-3639", "package_state": [{"cpe": "cpe:/a:redhat:certificate_system:7.3", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Certificate System 7.3"}, {"cpe": "cpe:/a:redhat:directory_server:8", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Directory Server 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:4", "fix_state": "Will not fix", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 4"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_web_server:1", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Web Server 1"}], "public_date": "2011-10-26T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2011-3639\nhttps://nvd.nist.gov/vuln/detail/CVE-2011-3639"], "threat_severity": "Moderate"}