719 matches found
CVE-2011-4317
The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...
CVE-2011-3639
The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...
Design/Logic Flaw
The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...
Design/Logic Flaw
The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...
CVE-2011-3639
CVE-2011-3639 affects the Apache HTTP Server mod_proxy when using reverse proxy configurations (RewriteRule/ProxyPassMatch). The initial fix for CVE-2011-3368 did not fully address the issue, allowing a remote attacker to connect to an intranet/hidden server by sending HTTP/0.9 with a malformed U...
CVE-2011-4317
The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...
CVE-2011-4317
The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...
CVE-2011-3639
The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...
CVE-2011-4317
The CVE-2011-4317 issue concerns Apache HTTP Server in reverse proxy configurations (ProxyPassMatch/RewriteRule with [P]). It enables remote access to intranet servers via a malformed URI containing @ and : when the Revision 1179239 patch is applied, reflecting an incomplete fix for CVE-2011-3368...
CVE-2011-3639
The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...
PT-2011-4554 · Apache +3 · Apache Http Server +3
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.0.x through 2.0.64 Apache HTTP Server versions 2.2.x before 2.2.18 Description: The issue arises from the mod proxy module's improper interaction with RewriteRule and ProxyPassMatch pattern matches when configure...
Apache HTTP Server mod_proxy Reverse Proxy Information Disclosure
The version of Apache HTTP Server running on the remote host is affected by an information disclosure vulnerability. When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts. This allows a...
Apache HTTP Server mod_proxy反向代理模式安全限制绕过漏洞
BUGTRAQ ID: 50802 CVE ID: CVE-2011-4317 Apache HTTP Server是Apache软件基金会的一个开放源代码的网页服务器,可以在大多数电脑操作系统中运行,由于其跨平台和安全性被广泛使用,是最流行的Web服务器端软件之一。 Apache HTTP Server在反向代理模式中配置modproxy模块时错误地处理了某些Web请求,可通过特制的URL向代理后方的服务器发送请求,从而绕过某些安全限制。 Apache 2.2.x Apache 2.0.x 厂商补丁: Apache Group ------------...
Apache 7.0.x mod_proxy - Reverse Proxy Security Bypass
source: https://www.securityfocus.com/bid/50802/info Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications. The following example patterns are...
Apache 7.0.x mod_proxy - Reverse Proxy Security Bypass
Apache 7.0.x modproxy - Reverse Proxy Security Bypass source: https://www.securityfocus.com/bid/50802/info Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about runnin...
FreeBSD : Apache 1.3 -- mod_proxy reverse proxy exposure (d8c901ff-0f0f-11e1-902b-20cf30e32f6d)
Apache HTTP server project reports : An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...
USN-1259-1: Apache vulnerabilities
It was discovered that the modproxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external...
Ubuntu Update for apache2 USN-1259-1
Ubuntu Update for Linux kernel vulnerabilities USN-1259-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12591.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for apache2 USN-1259-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : apache2, apache2-mpm-itk vulnerabilities (USN-1259-1)
It was discovered that the modproxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external...
Ubuntu: Security Advisory (USN-1259-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...