Apache Httpd < None: mod_proxy reverse proxy exposure

2011-10-20T00:00:00
ID HTTPD:2ADBA0EAB3212DA4AB8E7A874BBA58E5
Type httpd
Reporter Prutha Parikh of Qualys
Modified 2012-01-22T00:00:00

Description

An additional exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker.