Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-3zxg-cmhk-c7e6
Vulnerability ID VCID-3zxg-cmhk-c7e6
Aliases CVE-2009-1191
Summary An information disclosure flaw was found in mod_proxy_ajp in version 2.2.11 only. In certain situations, if a user sent a carefully crafted HTTP request, the server could return a response intended for another user.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.11998 https://api.first.org/data/v1/epss?cve=CVE-2009-1191
epss 0.11998 https://api.first.org/data/v1/epss?cve=CVE-2009-1191
epss 0.11998 https://api.first.org/data/v1/epss?cve=CVE-2009-1191
apache_httpd important https://httpd.apache.org/security/json/CVE-2009-1191.json
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1191.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191
496801 https://bugzilla.redhat.com/show_bug.cgi?id=496801
CVE-2009-1191 https://httpd.apache.org/security/json/CVE-2009-1191.json
GLSA-200907-04 https://security.gentoo.org/glsa/200907-04
RHSA-2009:1058 https://access.redhat.com/errata/RHSA-2009:1058
USN-787-1 https://usn.ubuntu.com/787-1/
No exploits are available.
Exploit Prediction Scoring System (EPSS)
Percentile 0.93905
EPSS Score 0.11998
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-02T04:53:35.116838+00:00 Apache HTTPD Importer Import https://httpd.apache.org/security/json/CVE-2009-1191.json 38.6.0