CVE-2009-1191

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Http Server 2.2.11	1
OS	Canonical Canonical Ubuntu Linux 9.04 Canonical Ubuntu Linux 8.10 Canonical Ubuntu Linux 8.04 Canonical Ubuntu Linux 6.06	4

Nessus

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_SECUPD2009-006.NASL
description	The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion
last seen	2020-06-01
modified	2020-06-02
plugin id	42433
published	2009-11-09
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42433
title	Mac OS X Multiple Vulnerabilities (Security Update 2009-006)
code	# # (C) Tenable Network Security, Inc. # if (!defined_func("bn_random")) exit(0); if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(42433); script_version("1.27"); script_cve_id( "CVE-2007-5707", "CVE-2007-6698", "CVE-2008-0658", "CVE-2008-5161", "CVE-2009-0023", "CVE-2009-1191", "CVE-2009-1195", "CVE-2009-1574", "CVE-2009-1632", "CVE-2009-1890", "CVE-2009-1891", "CVE-2009-1955", "CVE-2009-1956", "CVE-2009-2408", "CVE-2009-2409", "CVE-2009-2411", "CVE-2009-2412", "CVE-2009-2414", "CVE-2009-2416", "CVE-2009-2666", "CVE-2009-2808", "CVE-2009-2818", "CVE-2009-2819", "CVE-2009-2820", "CVE-2009-2823", "CVE-2009-2824", "CVE-2009-2825", "CVE-2009-2826", "CVE-2009-2827", "CVE-2009-2828", "CVE-2009-2829", "CVE-2009-2831", "CVE-2009-2832", "CVE-2009-2833", "CVE-2009-2834", "CVE-2009-2837", "CVE-2009-2838", "CVE-2009-2839", "CVE-2009-2840", "CVE-2009-3111", "CVE-2009-3291", "CVE-2009-3292", "CVE-2009-3293" ); script_bugtraq_id( 26245, 27778, 34663, 35115, 35221, 35251, 35565, 35623, 35888, 35983, 36263, 36449, 36959, 36961, 36962, 36963, 36964, 36966, 36967, 36972, 36973, 36975, 36977, 36978, 36979, 36982, 36985, 36988, 36990 ); script_name(english:"Mac OS X Multiple Vulnerabilities (Security Update 2009-006)"); script_summary(english:"Check for the presence of Security Update 2009-006"); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes various security issues." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.5 that does not have Security Update 2009-006 applied. This security update contains fixes for the following products : - AFP Client - Adaptive Firewall - Apache - Apache Portable Runtime - ATS - Certificate Assistant - CoreGraphics - CUPS - Dictionary - DirectoryService - Disk Images - Event Monitor - fetchmail - FTP Server - Help Viewer - International Components for Unicode - IOKit - IPSec - libsecurity - libxml - OpenLDAP - OpenSSH - PHP - QuickDraw Manager - QuickLook - FreeRADIUS - Screen Sharing - Spotlight - Subversion" ); script_set_attribute( attribute:"see_also", value:"http://support.apple.com/kb/HT3937" ); script_set_attribute( attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2009/Nov/msg00000.html" ); script_set_attribute( attribute:"see_also", value:"http://www.securityfocus.com/advisories/18255" ); script_set_attribute( attribute:"solution", value:"Install Security Update 2009-006 or later." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:H/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"exploited_by_malware", value:"true"); script_cwe_id(16, 20, 79, 119, 189, 200, 255, 264, 310, 399); script_set_attribute(attribute:"vuln_publication_date", value:"2009/11/09"); script_set_attribute(attribute:"patch_publication_date", value:"2009/11/09"); script_set_attribute(attribute:"plugin_publication_date", value:"2009/11/09"); script_cvs_date("Date: 2018/07/16 12:48:31"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/MacOSX/packages", "Host/uname"); exit(0); } uname = get_kb_item("Host/uname"); if (!uname) exit(1, "The 'Host/uname' KB item is missing."); pat = "^.+Darwin.* ([0-9]+\.[0-9.]+).*$"; if (!ereg(pattern:pat, string:uname)) exit(1, "Can't identify the Darwin kernel version from the uname output ("+uname+")."); darwin = ereg_replace(pattern:pat, replace:"\1", string:uname); if (ereg(pattern:"^(9\.[0-8]\.)", string:darwin)) { packages = get_kb_item("Host/MacOSX/packages/boms"); if (!packages) exit(1, "The 'Host/MacOSX/packages/boms' KB item is missing."); if (egrep(pattern:"^com\.apple\.pkg\.update\.security\.(2009\.00[6-9]\|20[1-9][0-9]\.[0-9]+)\.bom", string:packages)) exit(0, "The host has Security Update 2009-006 or later installed and therefore is not affected."); else security_hole(0); } else exit(0, "The host is running Darwin kernel version "+darwin+" and therefore is not affected.");

NASL family	Ubuntu Local Security Checks
NASL id	UBUNTU_USN-787-1.NASL
description	Matthew Palmer discovered an underflow flaw in apr-util as included in Apache. An attacker could cause a denial of service via application crash in Apache using a crafted SVNMasterURI directive, .htaccess file, or when using mod_apreq2. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-0023) Sander de Boer discovered that mod_proxy_ajp would reuse connections when a client closed a connection without sending a request body. A remote attacker could exploit this to obtain sensitive response data. This issue only affected Ubuntu 9.04. (CVE-2009-1191) Jonathan Peatfield discovered that Apache did not process Includes options correctly. With certain configurations of Options and AllowOverride, a local attacker could use an .htaccess file to override intended restrictions and execute arbitrary code via a Server-Side-Include file. This issue affected Ubuntu 8.04 LTS, 8.10 and 9.04. (CVE-2009-1195) It was discovered that the XML parser did not properly handle entity expansion. A remote attacker could cause a denial of service via memory resource consumption by sending a crafted request to an Apache server configured to use mod_dav or mod_dav_svn. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-1955) C. Michael Pilato discovered an off-by-one buffer overflow in apr-util when formatting certain strings. For big-endian machines (powerpc, hppa and sparc in Ubuntu), a remote attacker could cause a denial of service or information disclosure leak. All other architectures for Ubuntu are not considered to be at risk. This issue only affected Ubuntu 6.06 LTS. (CVE-2009-1956). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	39371
published	2009-06-12
reporter	Ubuntu Security Notice (C) 2009-2019 Canonical, Inc. / NASL script (C) 2009-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/39371
title	Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 : apache2 vulnerabilities (USN-787-1)

NASL family	FreeBSD Local Security Checks
NASL id	FREEBSD_PKG_E15F2356913911DE8F42001AA0166822.NASL
description	Apache ChangeLog reports : CVE-2009-1891: Fix a potential Denial-of-Service attack against mod_deflate or other modules. CVE-2009-1195: Prevent the
last seen	2020-06-01
modified	2020-06-02
plugin id	40760
published	2009-08-25
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40760
title	FreeBSD : apache22 -- several vulnerabilities (e15f2356-9139-11de-8f42-001aa0166822)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2009-102.NASL
description	A vulnerability has been found and corrected in apache : mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request (CVE-2009-1191). This update provides fixes for that vulnerability.
last seen	2020-06-01
modified	2020-06-02
plugin id	48144
published	2010-07-30
reporter	This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/48144
title	Mandriva Linux Security Advisory : apache (MDVSA-2009:102)

NASL family	MacOS X Local Security Checks
NASL id	MACOSX_10_6_2.NASL
description	The remote host is running a version of Mac OS X 10.6.x that is prior to 10.6.2. Mac OS X 10.6.2 contains security fixes for the following products : - Adaptive Firewall - Apache - Apache Portable Runtime - Certificate Assistant - CoreMedia - CUPS - Dovecot - fetchmail - file - FTP Server - Help Viewer - ImageIO - IOKit - IPSec - Kernel - Launch Services - libsecurity - libxml - Login Window - OpenLDAP - QuickDraw Manager - QuickTime - Screen Sharing - Subversion
last seen	2020-06-01
modified	2020-06-02
plugin id	42434
published	2009-11-09
reporter	This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/42434
title	Mac OS X 10.6.x < 10.6.2 Multiple Vulnerabilities

NASL family	Web Servers
NASL id	APACHE_2_2_12.NASL
description	According to its banner, the version of Apache 2.2.x. running on the remote host is prior to 2.2.12. It is, therefore, affected by the following vulnerabilities : - A heap-based buffer underwrite flaw exists in the function
last seen	2020-04-30
modified	2009-08-02
plugin id	40467
published	2009-08-02
reporter	This script is Copyright (C) 2009-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/40467
title	Apache 2.2.x < 2.2.12 Multiple Vulnerabilities

NASL family	Fedora Local Security Checks
NASL id	FEDORA_2009-8812.NASL
description	This update includes the latest release of the Apache HTTP Server, version 2.2.13, fixing several security issues: * Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects. (CVE-2009-1891) * Prevent the
last seen	2020-06-01
modified	2020-06-02
plugin id	40833
published	2009-09-02
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40833
title	Fedora 11 : httpd-2.2.13-1.fc11 (2009-8812)

NASL family	Slackware Local Security Checks
NASL id	SLACKWARE_SSA_2009-214-01.NASL
description	New httpd packages are available for Slackware 12.0, 12.1, 12.2, and -current to fix security issues.
last seen	2020-06-01
modified	2020-06-02
plugin id	40459
published	2009-08-03
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/40459
title	Slackware 12.0 / 12.1 / 12.2 / current : httpd (SSA:2009-214-01)

NASL family	Mandriva Local Security Checks
NASL id	MANDRIVA_MDVSA-2009-323.NASL
description	Multiple vulnerabilities has been found and corrected in apache : Memory leak in the zlib_stateful_init function in crypto/comp/c_zlib.c in libssl in OpenSSL 0.9.8f through 0.9.8h allows remote attackers to cause a denial of service (memory consumption) via multiple calls, as demonstrated by initial SSL client handshakes to the Apache HTTP Server mod_ssl that specify a compression algorithm (CVE-2008-1678). Note that this security issue does not really apply as zlib compression is not enabled in the openssl build provided by Mandriva, but apache is patched to address this issue anyway (conserns 2008.1 only). mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request (CVE-2009-1191). Cross-site scripting (XSS) vulnerability in proxy_ftp.c in the mod_proxy_ftp module in Apache 2.0.63 and earlier, and mod_proxy_ftp.c in the mod_proxy_ftp module in Apache 2.2.9 and earlier 2.2 versions, allows remote attackers to inject arbitrary web script or HTML via wildcards in a pathname in an FTP URI (CVE-2008-2939). Note that this security issue was initially addressed with MDVSA-2008:195 but the patch fixing the issue was added but not applied in 2009.0. The Apache HTTP Server 2.2.11 and earlier 2.2 versions does not properly handle Options=IncludesNOEXEC in the AllowOverride directive, which allows local users to gain privileges by configuring (1) Options Includes, (2) Options +Includes, or (3) Options +IncludesNOEXEC in a .htaccess file, and then inserting an exec element in a .shtml file (CVE-2009-1195). The stream_reqbody_cl function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server before 2.3.3, when a reverse proxy is configured, does not properly handle an amount of streamed data that exceeds the Content-Length value, which allows remote attackers to cause a denial of service (CPU consumption) via crafted requests (CVE-2009-1890). Fix a potential Denial-of-Service attack against mod_deflate or other modules, by forcing the server to consume CPU time in compressing a large file after a client disconnects (CVE-2009-1891). The ap_proxy_ftp_handler function in modules/proxy/proxy_ftp.c in the mod_proxy_ftp module in the Apache HTTP Server 2.0.63 and 2.2.13 allows remote FTP servers to cause a denial of service (NULL pointer dereference and child process crash) via a malformed reply to an EPSV command (CVE-2009-3094). The mod_proxy_ftp module in the Apache HTTP Server allows remote attackers to bypass intended access restrictions and send arbitrary commands to an FTP server via vectors related to the embedding of these commands in the Authorization HTTP header, as demonstrated by a certain module in VulnDisco Pack Professional 8.11. NOTE: as of 20090903, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes (CVE-2009-3095). Apache is affected by SSL injection or man-in-the-middle attacks due to a design flaw in the SSL and/or TLS protocols. A short term solution was released Sat Nov 07 2009 by the ASF team to mitigate these problems. Apache will now reject in-session renegotiation (CVE-2009-3555). Packages for 2008.0 are provided for Corporate Desktop 2008.0 customers This update provides a solution to these vulnerabilities.
last seen	2020-06-01
modified	2020-06-02
plugin id	43042
published	2009-12-08
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/43042
title	Mandriva Linux Security Advisory : apache (MDVSA-2009:323)

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-200907-04.NASL
description	The remote host is affected by the vulnerability described in GLSA-200907-04 (Apache: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in the Apache HTTP server: Jonathan Peatfield reported that the
last seen	2020-06-01
modified	2020-06-02
plugin id	39775
published	2009-07-13
reporter	This script is Copyright (C) 2009-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/39775
title	GLSA-200907-04 : Apache: Multiple vulnerabilities

Oval

accepted

2014-07-14T04:01:28.881-04:00

class

vulnerability

contributors

name J. Daniel Brown
organization DTCC
name Mike Lah
organization The MITRE Corporation
name Shane Shaffer
organization G2, Inc.
name Maria Mikhno
organization ALTX-SOFT

definition_extensions

comment	Apache HTTP Server 2.2.x is installed on the system
oval	oval:org.mitre.oval:def:8550

description

mod_proxy_ajp.c in the mod_proxy_ajp module in the Apache HTTP Server 2.2.11 allows remote attackers to obtain sensitive response data, intended for a client that sent an earlier POST request with no request body, via an HTTP request.

family

windows

id

oval:org.mitre.oval:def:8261

status

accepted

submitted

2010-03-08T17:30:00.000-05:00

title

Apache 'mod_proxy_ajp' Information Disclosure Vulnerability

version

11

Redhat

rpms

httpd-0:2.2.10-4.ep5.el5
httpd-debuginfo-0:2.2.10-4.ep5.el5
httpd-devel-0:2.2.10-4.ep5.el5
httpd-manual-0:2.2.10-4.ep5.el5
httpd22-0:2.2.10-16.1.ep5.el4
httpd22-apr-0:2.2.10-16.1.ep5.el4
httpd22-apr-devel-0:2.2.10-16.1.ep5.el4
httpd22-apr-util-0:2.2.10-16.1.ep5.el4
httpd22-apr-util-devel-0:2.2.10-16.1.ep5.el4
httpd22-debuginfo-0:2.2.10-16.1.ep5.el4
httpd22-devel-0:2.2.10-16.1.ep5.el4
mod_ssl-1:2.2.10-4.ep5.el5
mod_ssl22-1:2.2.10-16.1.ep5.el4

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 34663 CVE(CAN) ID: CVE-2009-1191 Apache HTTP Server是一款流行的Web服务器。 Apache服务器的mod_proxy_ajp模块在处理畸形的POST请求时存在错误，远程攻击者可以通过提交特制的HTTP请求泄露其他用户请求相关的响应数据。 Apache 2.2.11 Apache Group ------------ 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： <a href=http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff target=_blank rel=external nofollow>http://www.apache.org/dist/httpd/patches/apply_to_2.2.11/PR46949.diff</a>
id	SSV:5101
last seen	2017-11-19
modified	2009-04-25
published	2009-04-25
reporter	Root
title	Apache mod_proxy_ajp信息泄露漏洞

Vulnerabilities > CVE-2009-1191

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

Seebug

References

Vulnerabilities > CVE-2009-1191 {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"CVE-2009-1191"}]}

Summary

Vulnerable Configurations

Nessus

Oval

Redhat

Seebug

References

Vulnerabilities > CVE-2009-1191