CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

Apache HTTP Server mod_proxy Reverse Proxy Information Disclosure

The version of Apache HTTP Server running on the remote host is affected by an information disclosure vulnerability. When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts. This allows a...

CVE-2011-4317

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...

New Apache Reverse Proxy Issue Uncovered

A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said. Prutha Parikh, vulnerability signature engineer at Qualys, blogged that she uncovered the issue while creating a...

Apache HTTP Server mod_proxy反向代理模式安全限制绕过漏洞

BUGTRAQ ID: 50802 CVE ID: CVE-2011-4317 Apache HTTP Server是Apache软件基金会的一个开放源代码的网页服务器，可以在大多数电脑操作系统中运行，由于其跨平台和安全性被广泛使用，是最流行的Web服务器端软件之一。 Apache HTTP Server在反向代理模式中配置modproxy模块时错误地处理了某些Web请求，可通过特制的URL向代理后方的服务器发送请求，从而绕过某些安全限制。 Apache 2.2.x Apache 2.0.x 厂商补丁： Apache Group ------------...

Apache HTTP Server 403 Error Page UTF-7 Encoded XSS

According to its banner, the version of Apache HTTP Server running on the remote host can be used in cross-site scripting XSS attacks. Making a specially crafted request can inject UTF-7 encoded script code into a 403 response page, resulting in XSS attacks. This is actually a web browser...

http-vuln-cve2011-3368 NSE Script

Tests for the CVE-2011-3368 Reverse Proxy Bypass vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: the loopback test, with 3 payloads to handle different rewrite rules the internal hosts test. According to Contextis, we expect a delay before a server error. Th...

Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability

Apache HTTP Server is prone to a local denial-of-service vulnerability because of a NULL-pointer dereference error or a memory exhaustion. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

Apache HTTP Server 'ap_pregsub()' Function Local Denial of Service Vulnerability

Apache HTTP Server is prone to a local denial-of-service vulnerability because of a NULL-pointer dereference error or a memory exhaustion. Local attackers can exploit this issue to trigger a NULL-pointer dereference or memory exhaustion, and cause a server crash, denying service to legitimate...

CentOS Update for nss CESA-2011:1444 centos4 i386

Check for the Version of nss OpenVAS Vulnerability Test CentOS Update for nss CESA-2011:1444 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

RedHat Update for nss RHSA-2011:1444-01

Check for the Version of nss OpenVAS Vulnerability Test RedHat Update for nss RHSA-2011:1444-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...

CentOS Update for httpd CESA-2011:1392 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

RedHat Update for nss RHSA-2011:1444-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for nss CESA-2011:1444 centos4 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

CentOS Update for nss CESA-2011:1444 centos5 i386

Check for the Version of nss OpenVAS Vulnerability Test CentOS Update for nss CESA-2011:1444 centos5 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

CentOS Update for nss CESA-2011:1444 centos5 i386

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

nss security update

CentOS Errata and Security Advisory CESA-2011:1444 Merged security bulletin from advisories: https://lists.centos.org/pipermail/centos-announce/2011-November/080319.html https://lists.centos.org/pipermail/centos-announce/2011-November/080320.html...

CVE-2011-3607

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...

CVE-2011-3607

Integer overflow in the appregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the modsetenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with a crafted...