CVE-2011-4317

The CVE-2011-4317 issue concerns Apache HTTP Server in reverse proxy configurations (ProxyPassMatch/RewriteRule with [P]). It enables remote access to intranet servers via a malformed URI containing @ and : when the Revision 1179239 patch is applied, reflecting an incomplete fix for CVE-2011-3368...

CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

CVE-2011-3639

The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...

PT-2011-4554 · Apache +3 · Apache Http Server +3

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.0.x through 2.0.64 Apache HTTP Server versions 2.2.x before 2.2.18 Description: The issue arises from the mod proxy module's improper interaction with RewriteRule and ProxyPassMatch pattern matches when configure...

reverse-index NSE Script

Creates a reverse index at the end of scan output showing which hosts run a particular service. This is in addition to Nmap's normal output listing the services on each host. Script Arguments reverse-index.mode the output display mode, can be either horizontal or vertical default: horizontal...

Apache HTTP Server mod_proxy Reverse Proxy Information Disclosure

The version of Apache HTTP Server running on the remote host is affected by an information disclosure vulnerability. When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts. This allows a...

New Apache Reverse Proxy Flaw Allows Access to Internal Network

New Apache Reverse Proxy Flaw Allows Access to Internal Network Apache acknowledged another reverse proxy issue CVE-2011-4317 which was discovered by Apache developer from Red Hat while creating a QualysGuard vulnerability signature for an older problem CVE-2011-3368. Depending on the reverse pro...

New Apache Reverse Proxy Flaw Allows Access to Internal Network

New Apache Reverse Proxy Flaw Allows Access to Internal Network Apache acknowledged another reverse proxy issue CVE-2011-4317 which was discovered by Apache developer from Red Hat while creating a QualysGuard vulnerability signature for an older problem CVE-2011-3368. Depending on the reverse pro...

New Apache Reverse Proxy Issue Uncovered

A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said. Prutha Parikh, vulnerability signature engineer at Qualys, blogged that she uncovered the issue while creating a...

http-vuln-cve2011-3368 NSE Script

Tests for the CVE-2011-3368 Reverse Proxy Bypass vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: the loopback test, with 3 payloads to handle different rewrite rules the internal hosts test. According to Contextis, we expect a delay before a server error. Th...

Researchers Crack Siri Protocol

Researchers cracked the pride of Apple’s latest iPhone iteration yesterday, reverse-engineering the language processing, interactive personal assistant application called Siri. On their blog, the researchers from Applidium posted a demo and directions that will allow users to install and use the...

Ubuntu Update for apache2 USN-1259-1

Ubuntu Update for Linux kernel vulnerabilities USN-1259-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12591.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for apache2 USN-1259-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...

Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : apache2, apache2-mpm-itk vulnerabilities (USN-1259-1)

It was discovered that the modproxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external...

Aviosoft Digital TV Player Professional 1.x - Local Stack Buffer Overflow

Exploit Title: Aviosoft Digital TV Player Professional 1.x Stack Buffer Overflow Author: modpr0be Software Download: http://www.aviosoft.com/download.php?product=dtvplayerpro Date: 08/11/2011 Tested on: Windows XP SP3, Windows 7 SP1 Thanks: corelanc0d3r, cyb3r.anbu, otoy, sickness, 5m7x,...

Sqlninja 0.2.6 is now available

Sqlninja 0.2.6 is now available Sqlninja's goal is to exploit SQL injection vulnerabilities on web applications that use Microsoft SQL Server as back end. It is released under the GPLv3.There are a lot of other SQL injection tools out there but sqlninja, instead of extracting the data, focuses on...

apache2: Fixed several security issues (important)

This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack CVE-2011-3192 was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded,...

Virtual Machine for Android Reverse Engineering (A.R.E) Released

Virtual Machine for Android Reverse Engineering A.R.E Released The Honeynet Project release of the Android Reverse Engineering A.R.E. Virtual Machine. Do you need to analyze a piece of Android malware, but dont have all your analysis tools at hand? The Android Reverse Engineering A.R.E. Virtual...

Virtual Machine for Android Reverse Engineering (A.R.E) Released

Virtual Machine for Android Reverse Engineering A.R.E Released The Honeynet Project release of the Android Reverse Engineering A.R.E. Virtual Machine. Do you need to analyze a piece of Android malware, but dont have all your analysis tools at hand? The Android Reverse Engineering A.R.E. Virtual...

Android Reverse Engineering Toolset Debuts

The Android platform has become one of the go-to choices for developers and device manufacturers in the last year or so, and that popularity has of course attracted the attention of attackers who have been busily coding up as much malware as they can for the platform. They’ve been quite successfu...

Medium: httpd

Issue Overview: It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make...