User: Password:
Subscribe / Log in / New account

apache: mod_proxy reverse proxy exposure

Package(s):apache CVE #(s):CVE-2011-3368
Created:October 10, 2011 Updated:November 10, 2011
Description: From the Mandriva advisory:

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

openSUSE openSUSE-SU-2014:1647-1 apache2 2014-12-15
openSUSE openSUSE-SU-2013:0248-1 apache2 2013-02-05
openSUSE openSUSE-SU-2013:0243-1 apache2 2013-02-05
Gentoo 201206-25 apache 2012-06-24
Oracle ELSA-2012-0323 httpd 2012-03-09
Scientific Linux SL-http-20120306 httpd 2012-03-06
Fedora FEDORA-2012-1642 httpd 2012-03-06
Red Hat RHSA-2012:0323-01 httpd 2012-02-21
Fedora FEDORA-2012-1598 httpd 2012-02-21
Scientific Linux SL-http-20120214 httpd 2012-02-14
Oracle ELSA-2012-0128 httpd 2012-02-14
CentOS CESA-2012:0128 httpd 2012-02-14
Red Hat RHSA-2012:0128-01 httpd 2012-02-13
Slackware SSA:2012-041-01 apr 2012-02-10
openSUSE openSUSE-SU-2012:0212-1 apache2 2012-02-09
openSUSE openSUSE-SU-2012:0248-1 apache2 2012-02-09
Debian DSA-2405-1 apache2 2012-02-06
Ubuntu USN-1259-1 apache2, apache2-mpm-itk 2011-11-11
CentOS CESA-2011:1392 httpd 2011-11-09
openSUSE openSUSE-SU-2011:1217-1 apache2 2011-11-04
SUSE SUSE-SU-2011:1215-1 Apache2 2011-11-04
SUSE SUSE-SU-2011:1229-1 apache2 2011-11-09
Scientific Linux SL-http-20111020 httpd 2011-10-20
Scientific Linux SL-http-20111020 httpd 2011-10-20
CentOS CESA-2011:1392 httpd 2011-10-20
Red Hat RHSA-2011:1391-01 httpd 2011-10-20
Red Hat RHSA-2011:1392-01 httpd 2011-10-20
Mandriva MDVSA-2011:144 apache 2011-09-08

(Log in to post comments)

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds