CVE-2011-4317 [Medium] | Input Validation Bypass in Http Server

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

EDB-ID	Source	Kind	Published	Link
36352	exploit_db	edb	2011-11-24	Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗
—	nvd_ref	exploit_tag		Exploit-DB ↗

EDB-ID

Source

Kind

Published

Link

36352

exploit_db

edb

2011-11-24

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

—

nvd_ref

exploit_tag

Exploit-DB ↗

#	Date	Old EPSS score	New EPSS score	Delta (New - Old)
1	2026-05-29	81.92%	79.45%	-2.47%
2	2026-03-19	84.29%	81.92%	-2.37%
3	2026-03-04	—	84.29%	—

Date

Old EPSS score

New EPSS score

Delta (New - Old)

2026-05-29

81.92%

79.45%

-2.47%

2026-03-19

84.29%

81.92%

-2.37%

2026-03-04

—

84.29%

—

Base score	Version	Severity	Vector	Exploitability	Impact	Score source
4.3	2.0	MEDIUM	`AV:N/AC:M/Au:N/C:N/I:P/A:N` Click to expand Access vector (AV:N) Can be exploited remotely over network reachability. Access complexity (AC:M) Exploitation needs some favorable conditions, but not exceptional ones. Authentication (AU:N) No authentication is required. Confidentiality impact (C:N) No confidentiality impact. Integrity impact (I:P) Partial integrity impact. Availability impact (A:N) No availability impact.	8.6	2.9	[email protected]

Base score

Version

Severity

Vector

Exploitability

Impact

Score source

4.3

2.0

MEDIUM

AV:N/AC:M/Au:N/C:N/I:P/A:N Click to expand

Access vector (AV:N): Can be exploited remotely over network reachability.
Access complexity (AC:M): Exploitation needs some favorable conditions, but not exceptional ones.
Authentication (AU:N): No authentication is required.
Confidentiality impact (C:N): No confidentiality impact.
Integrity impact (I:P): Partial integrity impact.
Availability impact (A:N): No availability impact.

8.6

2.9

[email protected]

OS Trackers for CVE-2011-4317

vendor	priority	summary	link
`debian`	not yet assigned	CVE-2011-4317 not yet assigned priority: Debian including 1 source packages (apache2), 5 status rows across 5 suites (bookworm, bullseye, forky, sid, trixie): resolved 5.	https://security-tracker.debian.org/tracker/CVE-2011-4317
`gentoo`	high	CVE-2011-4317: 1 GLSA(s) (201206-25), 1 atom(s) (www-servers/apache); latest impact high.	https://bugs.gentoo.org/buglist.cgi?quicksearch=CVE-2011-4317
`redhat`	medium	—	https://access.redhat.com/security/cve/CVE-2011-4317
`suse`	medium	CVE-2011-4317 severity moderate: SUSE including 93 source package names (apache2-2.2.12-1.28.1, apache2-2.2.12-1.38.2, …), 123 product×package rows across 25 product lines (SUSE Linux Enterprise High Performance Computing 12 SP5, SUSE Linux Enterprise Module for Server Applications 15, … (25 product lines)): Fixed 123.	https://www.suse.com/security/cve/CVE-2011-4317/
`ubuntu`	medium	CVE-2011-4317 medium priority: Ubuntu including 1 source packages (apache2), 6 status rows across 6 suites (hardy, lucid, maverick, natty, oneiric, upstream): released 5, needs-triage 1.	https://ubuntu.com/security/CVE-2011-4317

Affected software / configurations for CVE-2011-4317

Vendor	Product	Version	Raw CPE
apache	http_server	1.3	cpe:2.3:a:apache:http_server:1.3:::::::*
apache	http_server	1.3.0	cpe:2.3:a:apache:http_server:1.3.0:::::::*
apache	http_server	1.3.1	cpe:2.3:a:apache:http_server:1.3.1:::::::*
apache	http_server	1.3.1.1	cpe:2.3:a:apache:http_server:1.3.1.1:::::::*
apache	http_server	1.3.2	cpe:2.3:a:apache:http_server:1.3.2:::::::*
apache	http_server	1.3.3	cpe:2.3:a:apache:http_server:1.3.3:::::::*
apache	http_server	1.3.4	cpe:2.3:a:apache:http_server:1.3.4:::::::*
apache	http_server	1.3.5	cpe:2.3:a:apache:http_server:1.3.5:::::::*
apache	http_server	1.3.6	cpe:2.3:a:apache:http_server:1.3.6:::::::*
apache	http_server	1.3.7	cpe:2.3:a:apache:http_server:1.3.7:::::::*
apache	http_server	1.3.8	cpe:2.3:a:apache:http_server:1.3.8:::::::*
apache	http_server	1.3.9	cpe:2.3:a:apache:http_server:1.3.9:::::::*
apache	http_server	1.3.10	cpe:2.3:a:apache:http_server:1.3.10:::::::*
apache	http_server	1.3.11	cpe:2.3:a:apache:http_server:1.3.11:::::::*
apache	http_server	1.3.12	cpe:2.3:a:apache:http_server:1.3.12:::::::*
apache	http_server	1.3.13	cpe:2.3:a:apache:http_server:1.3.13:::::::*
apache	http_server	1.3.14	cpe:2.3:a:apache:http_server:1.3.14:::::::*
apache	http_server	1.3.15	cpe:2.3:a:apache:http_server:1.3.15:::::::*
apache	http_server	1.3.16	cpe:2.3:a:apache:http_server:1.3.16:::::::*
apache	http_server	1.3.17	cpe:2.3:a:apache:http_server:1.3.17:::::::*
apache	http_server	1.3.18	cpe:2.3:a:apache:http_server:1.3.18:::::::*
apache	http_server	1.3.19	cpe:2.3:a:apache:http_server:1.3.19:::::::*
apache	http_server	1.3.20	cpe:2.3:a:apache:http_server:1.3.20:::::::*
apache	http_server	1.3.22	cpe:2.3:a:apache:http_server:1.3.22:::::::*
apache	http_server	1.3.23	cpe:2.3:a:apache:http_server:1.3.23:::::::*
apache	http_server	1.3.24	cpe:2.3:a:apache:http_server:1.3.24:::::::*
apache	http_server	1.3.25	cpe:2.3:a:apache:http_server:1.3.25:::::::*
apache	http_server	1.3.26	cpe:2.3:a:apache:http_server:1.3.26:::::::*
apache	http_server	1.3.27	cpe:2.3:a:apache:http_server:1.3.27:::::::*
apache	http_server	1.3.28	cpe:2.3:a:apache:http_server:1.3.28:::::::*
apache	http_server	1.3.29	cpe:2.3:a:apache:http_server:1.3.29:::::::*
apache	http_server	1.3.30	cpe:2.3:a:apache:http_server:1.3.30:::::::*
apache	http_server	1.3.31	cpe:2.3:a:apache:http_server:1.3.31:::::::*
apache	http_server	1.3.32	cpe:2.3:a:apache:http_server:1.3.32:::::::*
apache	http_server	1.3.33	cpe:2.3:a:apache:http_server:1.3.33:::::::*
apache	http_server	1.3.34	cpe:2.3:a:apache:http_server:1.3.34:::::::*
apache	http_server	1.3.35	cpe:2.3:a:apache:http_server:1.3.35:::::::*
apache	http_server	1.3.36	cpe:2.3:a:apache:http_server:1.3.36:::::::*
apache	http_server	1.3.37	cpe:2.3:a:apache:http_server:1.3.37:::::::*
apache	http_server	1.3.38	cpe:2.3:a:apache:http_server:1.3.38:::::::*
apache	http_server	1.3.39	cpe:2.3:a:apache:http_server:1.3.39:::::::*
apache	http_server	1.3.41	cpe:2.3:a:apache:http_server:1.3.41:::::::*
apache	http_server	1.3.42	cpe:2.3:a:apache:http_server:1.3.42:::::::*
apache	http_server	1.3.65	cpe:2.3:a:apache:http_server:1.3.65:::::::*
apache	http_server	1.3.68	cpe:2.3:a:apache:http_server:1.3.68:::::::*
apache	http_server	2.0	cpe:2.3:a:apache:http_server:2.0:::::::*
apache	http_server	2.0.9	cpe:2.3:a:apache:http_server:2.0.9:::::::*
apache	http_server	2.0.28	cpe:2.3:a:apache:http_server:2.0.28:::::::*
apache	http_server	2.0.28	cpe:2.3:a:apache:http_server:2.0.28:beta::::::
apache	http_server	2.0.32	cpe:2.3:a:apache:http_server:2.0.32:::::::*
apache	http_server	2.0.32	cpe:2.3:a:apache:http_server:2.0.32:beta::::::
apache	http_server	2.0.34	cpe:2.3:a:apache:http_server:2.0.34:beta::::::
apache	http_server	2.0.35	cpe:2.3:a:apache:http_server:2.0.35:::::::*
apache	http_server	2.0.36	cpe:2.3:a:apache:http_server:2.0.36:::::::*
apache	http_server	2.0.37	cpe:2.3:a:apache:http_server:2.0.37:::::::*
apache	http_server	2.0.38	cpe:2.3:a:apache:http_server:2.0.38:::::::*
apache	http_server	2.0.39	cpe:2.3:a:apache:http_server:2.0.39:::::::*
apache	http_server	2.0.40	cpe:2.3:a:apache:http_server:2.0.40:::::::*
apache	http_server	2.0.41	cpe:2.3:a:apache:http_server:2.0.41:::::::*
apache	http_server	2.0.42	cpe:2.3:a:apache:http_server:2.0.42:::::::*
apache	http_server	2.0.43	cpe:2.3:a:apache:http_server:2.0.43:::::::*
apache	http_server	2.0.44	cpe:2.3:a:apache:http_server:2.0.44:::::::*
apache	http_server	2.0.45	cpe:2.3:a:apache:http_server:2.0.45:::::::*
apache	http_server	2.0.46	cpe:2.3:a:apache:http_server:2.0.46:::::::*
apache	http_server	2.0.47	cpe:2.3:a:apache:http_server:2.0.47:::::::*
apache	http_server	2.0.48	cpe:2.3:a:apache:http_server:2.0.48:::::::*
apache	http_server	2.0.49	cpe:2.3:a:apache:http_server:2.0.49:::::::*
apache	http_server	2.0.50	cpe:2.3:a:apache:http_server:2.0.50:::::::*
apache	http_server	2.0.51	cpe:2.3:a:apache:http_server:2.0.51:::::::*
apache	http_server	2.0.52	cpe:2.3:a:apache:http_server:2.0.52:::::::*
apache	http_server	2.0.53	cpe:2.3:a:apache:http_server:2.0.53:::::::*
apache	http_server	2.0.54	cpe:2.3:a:apache:http_server:2.0.54:::::::*
apache	http_server	2.0.55	cpe:2.3:a:apache:http_server:2.0.55:::::::*
apache	http_server	2.0.56	cpe:2.3:a:apache:http_server:2.0.56:::::::*
apache	http_server	2.0.57	cpe:2.3:a:apache:http_server:2.0.57:::::::*
apache	http_server	2.0.58	cpe:2.3:a:apache:http_server:2.0.58:::::::*
apache	http_server	2.0.59	cpe:2.3:a:apache:http_server:2.0.59:::::::*
apache	http_server	2.0.60	cpe:2.3:a:apache:http_server:2.0.60:::::::*
apache	http_server	2.0.61	cpe:2.3:a:apache:http_server:2.0.61:::::::*
apache	http_server	2.0.63	cpe:2.3:a:apache:http_server:2.0.63:::::::*

References for CVE-2011-4317

URL	Tags
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
http://kb.juniper.net/JSA10585
http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
http://marc.info/?l=bugtraq&m=133294460209056&w=2
http://marc.info/?l=bugtraq&m=134987041210674&w=2
http://rhn.redhat.com/errata/RHSA-2012-0128.html
http://secunia.com/advisories/48551
http://support.apple.com/kb/HT5501
http://thread.gmane.org/gmane.comp.apache.devel/46440	Exploit
http://www.debian.org/security/2012/dsa-2405
http://www.mandriva.com/security/advisories?name=MDVSA-2012:003
http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
http://www.securitytracker.com/id?1026353
https://bugzilla.redhat.com/show_bug.cgi?id=756483
https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue	Exploit
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r476d175be0aaf4a17680ef98c5153b4d336eaef76fb2224cc94c463a%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9b4b963760a3cb5a4a70c902f325c6c0337fe51d5b8570416f8f8729%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rad01d817195e6cc871cb1d73b207ca326379a20a6e7f30febaf56d24%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E

URL

CVE-2011-4317

Public exploit references (Exploit-DB) for CVE-2011-4317

Exploit prediction scoring system (EPSS) score for CVE-2011-4317

Common vulnerability scoring system (CVSS) metrics for CVE-2011-4317

Weakness enumeration for CVE-2011-4317

OS Trackers for CVE-2011-4317

Affected software / configurations for CVE-2011-4317

References for CVE-2011-4317