Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-qz2f-en48-3ybv
Vulnerability ID VCID-qz2f-en48-3ybv
Aliases CVE-2011-3639
Summary The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
Status Published
Exploitability 2.0
Weighted Severity 0.1
Risk 0.2
Affected and Fixed Packages Package Details
Weaknesses (0)
There are no known CWE.
System Score Found at
epss 0.09764 https://api.first.org/data/v1/epss?cve=CVE-2011-3639
epss 0.09764 https://api.first.org/data/v1/epss?cve=CVE-2011-3639
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2011-3639.json
https://api.first.org/data/v1/epss?cve=CVE-2011-3639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3639
752080 https://bugzilla.redhat.com/show_bug.cgi?id=752080
CVE-2011-3639;OSVDB-77444 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/linux/remote/36663.txt
CVE-2011-3639;OSVDB-77444 Exploit https://www.securityfocus.com/bid/51869/info
RHSA-2012:0128 https://access.redhat.com/errata/RHSA-2012:0128
RHSA-2012:0323 https://access.redhat.com/errata/RHSA-2012:0323
Data source Exploit-DB
Date added Feb. 6, 2012
Description Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass
Ransomware campaign use Known
Source publication date Feb. 6, 2012
Exploit type remote
Platform linux
Source update date Jan. 31, 2017
Source URL https://www.securityfocus.com/bid/51869/info
There are no known vectors.
Exploit Prediction Scoring System (EPSS)
Percentile 0.93094
EPSS Score 0.09764
Published At June 4, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:27:43.970090+00:00 Debian Importer Import https://security-tracker.debian.org/tracker/data/json 38.6.0