Release Date | Dec 13, 2011 |
Severity | medium |
Impact | Information Disclosure: Remote attackers can gain sensitive information from vulnerable systems. |
Description | This indicates an attack attempt to exploit a Resource Exposure vulnerability in Apache Server. The vulnerability is located in the "mod_proxy" module, which does not properly interact with "RewriteRule" and "ProxyPassMatch" pattern matches for configuration of a reverse proxy. It may allow remote attackers to access any intranet resources via a crafted URI. |
Affected Products | Apache HTTP Server 1.3.x through 1.3.42; Apache HTTP Server 2.0.x through 2.0.64; Apache HTTP Server 2.2.x through 2.2.21 |
Recommended Actions | Apply the patch, available from the web site: http://svn.apache.org/viewvc?view=revision&revision=1179239 |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2011-3368 |
Reference/s | http://www.exploit-db.com/exploits/17969/ ; http://www.contextis.com/research/blog/reverseproxybypass/ |
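
An added example, not part of the original advisory or of Apache's code: a configuration audit that flags reverse-proxy rules of the kind the description refers to, where a `RewriteRule ... [P]` or `ProxyPassMatch` target places a backreference directly after the backend host with no `/` between them. The sample configuration and the hostname `internal.example` are constructed, and the two heuristics are assumptions based on the publicly documented configuration guidance for CVE-2011-3368; this is a line-based check, not a full Apache config parser.

```python
import re

# Constructed sample reverse-proxy configuration (hostname is a placeholder).
SAMPLE_CONF = """\
# images and stylesheets served from an intranet host
RewriteEngine On
RewriteRule ^(.*)\\.(ico|jpg|gif|png)$ http://internal.example$1.$2 [P]
RewriteRule ^/(.*)\\.(ico|jpg|gif|png)$ http://internal.example/$1.$2 [P,L]
ProxyPassMatch ^(.*)\\.css$ http://internal.example:8080$1.css
ProxyPassMatch ^/(.*)\\.css$ http://internal.example:8080/$1.css
RewriteRule ^/old/(.*)$ /new/$1 [R=301,L]
"""

# scheme://authority directly followed by a backreference, with no "/" between
TARGET_NO_SLASH = re.compile(r"^[a-z][a-z0-9+.-]*://[^/$\s]+\$\d", re.I)

def is_proxy_rule(directive, args):
    """True for ProxyPassMatch, or for RewriteRule carrying the proxy flag."""
    if directive == "proxypassmatch":
        return len(args) >= 2
    if directive == "rewriterule" and len(args) >= 3:
        flags = args[2].strip("[]").split(",")
        return any(f.strip().upper() in ("P", "PROXY") for f in flags)
    return False

def audit(conf_text):
    """Return (line number, directive, reasons) for each risky proxy rule."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directive, args = parts[0].lower(), parts[1:]
        if not is_proxy_rule(directive, args):
            continue
        pattern, target = args[0], args[1]
        reasons = []
        if TARGET_NO_SLASH.match(target):
            reasons.append("backreference follows host with no '/' separator")
        if not pattern.startswith("^/"):
            reasons.append("pattern is not anchored to a leading '/'")
        if reasons:
            findings.append((lineno, parts[0], reasons))
    return findings

if __name__ == "__main__":
    for lineno, directive, reasons in audit(SAMPLE_CONF):
        print(f"line {lineno}: {directive}: " + "; ".join(reasons))
```

Rules flagged this way should be rewritten so the pattern starts with `^/` and the target has a `/` after the host, in addition to applying the patch listed above.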