Apache HTTPD mod_proxy Information Disclosure (CVE-2011-3368)

An information disclosure vulnerability has been reported in Apache httpd server. The vulnerability is due to insufficient input validation by the server while using the RewriteRule or ProxyPassMatch directives. A remote attacker may exploit this vulnerability by sending a series of specially...

Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure

An additional exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web...

Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC

No description provided by source. !/usr/bin/env python import socket import string import getopt, sys knownports = 0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080 def sendrequesturl, apachetarget, apacheport, internaltarget, internalport, resource: get = "GET " + url + "@" +...

Apache mod_proxy - Reverse Proxy Exposure

!/usr/bin/env python import socket import string import getopt, sys knownports = 0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080 def sendrequesturl, apachetarget, apacheport, internaltarget, internalport, resource: get = "GET " + url + "@" + internaltarget + ":" + internalport...

Apache mod_proxy Proof Of Concept

!/usr/bin/env python import socket import string import getopt, sys knownports = 0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080 def sendrequesturl, apachetarget, apacheport, internaltarget, internalport, resource: get = "GET " + url + "@" + internaltarget + ":" + internalport...

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

Apache HTTP Server is prone to an information disclosure vulnerability. Copyright C 2011 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...

Apache mod_proxy - Reverse Proxy Exposure

Apache modproxy - Reverse Proxy Exposure !/usr/bin/env python import socket import string import getopt, sys knownports = 0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080 def sendrequesturl, apachetarget, apacheport, internaltarget, internalport, resource: get = "GET " + url +...

Apache HTTP Server 'mod_proxy' Reverse Proxy Information Disclosure Vulnerability

Apache HTTP Server is prone to an information disclosure vulnerability. An attacker can exploit this vulnerability to gain access to sensitive information. OpenVAS Vulnerability Test $Id: gbapache49957.nasl 5424 2017-02-25 16:52:36Z teissa $ Apache HTTP Server 'modproxy' Reverse Proxy Information...

Mandriva Update for apache MDVSA-2011:144 (apache)

Check for the Version of apache OpenVAS Vulnerability Test Mandriva Update for apache MDVSA-2011:144 apache Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC

Exploit for multiple platform in category remote exploits !/usr/bin/env python import socket import string import getopt, sys knownports = 0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080 def sendrequesturl, apachetarget, apacheport, internaltarget, internalport, resource: get ...

Mandriva Update for apache MDVSA-2011:144 (apache)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptxrefname:"URL",...

Apache HTTP Server 'mod_proxy'反向代理信息泄露漏洞

Bugtraq ID: 49957 CVE ID：CVE-2011-3368 Apache HTTP Server是一款开放源代码的HTTPD服务程序。 Apache HTTP Server modproxy模块存在安全漏洞，允许恶意用户绕过部分安全限制。 当modproxy模块配置以反向代理模式时受此漏洞影响，由于不正确处理部分WEB请求，攻击者构建特制的URL可向代理后的不可期服务器发送恶意请求。 要成功利用漏洞需要使用具有一定的模式匹配的"ProxyPassMatch"和"RewriteRule"配置命令。 Apache 2.0.x Apache 2.2.x 厂商解决方案...

CVE-2011-3368

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...

CVE-2011-3368

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...

Design/Logic Flaw

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...

CVE-2011-3368

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...

CVE-2011-3368

The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...

CVE-2011-3368

CVE-2011-3368 affects the Apache HTTP Server’s mod_proxy in reverse-proxy configurations. The vulnerability arises when using (1) RewriteRule with the [P] flag or (2) ProxyPassMatch; a remote attacker can craft a URI starting with an initial @ character to force the proxy to connect to an interna...

Apache 1.3 -- mod_proxy reverse proxy exposure

Apache HTTP server project reports: An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...

apache -- multiple vulnerabilities

CVE MITRE reports: An exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from...