2150 matches found
CVE-2011-4317
The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...
CVE-2011-4317
The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which...
CVE-2011-4317
The CVE-2011-4317 issue concerns Apache HTTP Server in reverse proxy configurations (ProxyPassMatch/RewriteRule with [P]). It enables remote access to intranet servers via a malformed URI containing @ and : when the Revision 1179239 patch is applied, reflecting an incomplete fix for CVE-2011-3368...
CVE-2011-3639
The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...
CVE-2011-3639
The modproxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to...
PT-2011-4554 · Apache +3 · Apache Http Server +3
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.0.x through 2.0.64 Apache HTTP Server versions 2.2.x before 2.2.18 Description: The issue arises from the mod proxy module's improper interaction with RewriteRule and ProxyPassMatch pattern matches when configure...
Apache HTTP Server mod_proxy Reverse Proxy Information Disclosure
The version of Apache HTTP Server running on the remote host is affected by an information disclosure vulnerability. When configured as a reverse proxy, improper use of the RewriteRule and ProxyPassMatch directives could cause the web server to proxy requests to arbitrary hosts. This allows a...
New Apache Reverse Proxy Flaw Allows Access to Internal Network
New Apache Reverse Proxy Flaw Allows Access to Internal Network Apache acknowledged another reverse proxy issue CVE-2011-4317 which was discovered by Apache developer from Red Hat while creating a QualysGuard vulnerability signature for an older problem CVE-2011-3368. Depending on the reverse pro...
New Apache Reverse Proxy Flaw Allows Access to Internal Network
New Apache Reverse Proxy Flaw Allows Access to Internal Network Apache acknowledged another reverse proxy issue CVE-2011-4317 which was discovered by Apache developer from Red Hat while creating a QualysGuard vulnerability signature for an older problem CVE-2011-3368. Depending on the reverse pro...
New Apache Reverse Proxy Issue Uncovered
A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said. Prutha Parikh, vulnerability signature engineer at Qualys, blogged that she uncovered the issue while creating a...
http-vuln-cve2011-3368 NSE Script
Tests for the CVE-2011-3368 Reverse Proxy Bypass vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: the loopback test, with 3 payloads to handle different rewrite rules the internal hosts test. According to Contextis, we expect a delay before a server error. Th...
Ubuntu Update for apache2 USN-1259-1
Ubuntu Update for Linux kernel vulnerabilities USN-1259-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN12591.nasl 7964 2017-12-01 07:32:11Z santu $ Ubuntu Update for apache2 USN-1259-1 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This...
Ubuntu 8.04 LTS / 10.04 LTS / 10.10 / 11.04 / 11.10 : apache2, apache2-mpm-itk vulnerabilities (USN-1259-1)
It was discovered that the modproxy module in Apache did not properly interact with the RewriteRule and ProxyPassMatch pattern matches in the configuration of a reverse proxy. This could allow remote attackers to contact internal webservers behind the proxy that were not intended for external...
apache2: Fixed several security issues (important)
This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack CVE-2011-3192 was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded,...
Medium: httpd
Issue Overview: It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests. In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make...
RedHat Update for httpd RHSA-2011:1392-01
Check for the Version of httpd OpenVAS Vulnerability Test RedHat Update for httpd RHSA-2011:1392-01 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms...
httpd: reverse web proxy vulnerability
The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...
httpd: reverse web proxy vulnerability
The modproxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of 1 RewriteRule and 2 ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to...
Moderate: Red Hat Security Advisory: httpd security and bug fix update
Updated httpd packages that fix two security issues and one bug are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity ratings...
Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure
An additional exposure was found when using modproxy in reverse proxy mode. In certain configurations using RewriteRule with proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web...