Vulnerability details: VCID-d333-ppvg-aaaq
Vulnerability ID VCID-d333-ppvg-aaaq
Aliases CVE-2009-1191
Summary mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Weaknesses (0)
There are no known CWE.
System Score Found at
rhas Important https://access.redhat.com/errata/RHSA-2009:1058
epss 0.00359 https://api.first.org/data/v1/epss?cve=CVE-2009-1191
epss 0.04776 https://api.first.org/data/v1/epss?cve=CVE-2009-1191
epss 0.05134 https://api.first.org/data/v1/epss?cve=CVE-2009-1191
epss 0.07341 https://api.first.org/data/v1/epss?cve=CVE-2009-1191
rhbs low https://bugzilla.redhat.com/show_bug.cgi?id=496801
apache_httpd important https://httpd.apache.org/security/json/CVE-2009-1191.json
cvssv2 5.0 https://nvd.nist.gov/vuln/detail/CVE-2009-1191
Reference id Reference type URL
http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html
http://osvdb.org/53921
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2009-1191.json
https://api.first.org/data/v1/epss?cve=CVE-2009-1191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1191
http://secunia.com/advisories/34827
http://secunia.com/advisories/35395
http://secunia.com/advisories/35721
http://security.gentoo.org/glsa/glsa-200907-04.xml
https://exchange.xforce.ibmcloud.com/vulnerabilities/50059
https://issues.apache.org/bugzilla/show_bug.cgi?id=46949
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r7dd6be4dc38148704f2edafb44a8712abaa3a2be120d6c3314d55919%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r84d043c2115176958562133d96d851495d712aa49da155d81f6733be%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rc4c53a0d57b2771ecd4b965010580db355e38137c8711311ee1073a8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8261
http://support.apple.com/kb/HT3937
http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?r1=766938&r2=767089
http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff
http://www.mandriva.com/security/advisories?name=MDVSA-2009:102
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpuapr2013-1899555.html
http://www.securityfocus.com/bid/34663
http://www.securitytracker.com/id?1022264
http://www.ubuntu.com/usn/usn-787-1
http://www.vupen.com/english/advisories/2009/1147
http://www.vupen.com/english/advisories/2009/3184
496801 https://bugzilla.redhat.com/show_bug.cgi?id=496801
cpe:2.3:a:apache:apache_http_server:2.2.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:apache_http_server:2.2.11:*:*:*:*:*:*:*
cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:apache:http_server:2.2.11:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:6.06:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.04:*:*:*:-:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:8.10:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:9.04:*:*:*:*:*:*:*
CVE-2009-1191 https://httpd.apache.org/security/json/CVE-2009-1191.json
CVE-2009-1191 https://nvd.nist.gov/vuln/detail/CVE-2009-1191
GLSA-200907-04 https://security.gentoo.org/glsa/200907-04
RHSA-2009:1058 https://access.redhat.com/errata/RHSA-2009:1058
USN-787-1 https://usn.ubuntu.com/787-1/
No exploits are available.
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2009-1191
Access Vector (AV) network
Access Complexity (AC) low
Authentication (Au) none
Confidentiality Impact (C) partial
Integrity Impact (I) none
Availability Impact (A) none
Exploit Prediction Scoring System (EPSS)
Percentile 0.72681
EPSS Score 0.00359
Published At Nov. 1, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.