Apache Httpd < 2.2.22: mod_proxy reverse proxy exposure

2011-10-20T00:00:00
ID HTTPD:88E68CACB31D67F6D6972262B72F26CE
Type httpd
Reporter Prutha Parikh of Qualys
Modified 2012-01-31T00:00:00

Description

An additional exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to attacker.