[Bug 877740] [NEW] CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure
Michael Jeanson
mjeanson at revolutionlinux.com
Tue Oct 18 20:53:44 UTC 2011
*** This bug is a security vulnerability ***
Public security bug reported:
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42,
2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly
interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern
matches for configuration of a reverse proxy, which allows remote
attackers to send requests to intranet servers via a malformed URI
containing an initial @ (at sign) character.
** Affects: apache2 (Ubuntu)
Importance: Undecided
Status: New
** Visibility changed to: Public
** CVE added: http://www.cve.mitre.org/cgi-
bin/cvename.cgi?name=2011-3368
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to apache2 in Ubuntu.
https://bugs.launchpad.net/bugs/877740
Title:
CVE-2011-3368 Apache2 mod_proxy reverse proxy exposure
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/apache2/+bug/877740/+subscriptions
More information about the Ubuntu-server-bugs
mailing list