Description
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
Affected packages
Platform | Package | State | Recommendation | Release |
---|---|---|---|---|
Red Hat Certificate System 7.3 | httpd | Will not fix | | |
Red Hat Directory Server 8 | httpd | Will not fix | | |
Red Hat Enterprise Linux 4 | httpd | Fixed | RHSA-2011:1392 | 20.10.2011 |
Red Hat Enterprise Linux 5 | httpd | Fixed | RHSA-2011:1392 | 20.10.2011 |
Red Hat Enterprise Linux 6 | httpd | Fixed | RHSA-2011:1391 | 20.10.2011 |
Red Hat JBoss Enterprise Web Server 1 for RHEL 5 | httpd | Fixed | RHSA-2012:0542 | 07.05.2012 |
Red Hat JBoss Enterprise Web Server 1 for RHEL 6 | httpd | Fixed | RHSA-2012:0542 | 07.05.2012 |
Red Hat JBoss Web Server 1.0 | | Fixed | RHSA-2012:0543 | 07.05.2012 |
Additional information
Status:
EPSS
2.6 Low
CVSS2
Related vulnerabilities
ELSA-2011-1392: httpd security and bug fix update (MODERATE)