logo
DATABASE RESOURCES PRICING ABOUT US

Apache 2.4.x >= 2.4.7 / < 2.4.52 Forward Proxy DoS / SSRF

Description

The version of Apache httpd installed on the remote host is equal to or greater than 2.4.7 and prior to 2.4.52. It is, therefore, affected by a flaw related to acting as a forward proxy. A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.


Related