Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: InfoSec Handlers Diary Blog - Apache HTTP Server mod_proxy reverse proxy issue InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

Apache HTTP Server mod_proxy reverse proxy issue

Published: 2011-10-06
Last Updated: 2011-10-06 12:30:38 UTC
by Rob VandenBrink (Version: 1)
0 comment(s)

The reverse proxy feature (mod_proxy) has a new vulnerability.  If pattern matching is used, a crafted attack (using invalid inputs - even though this does not involve SQL the "Little Bobby Tables" XKCD comes to mind again, for like the 3rd time this week ! ) can expose information on internal hosts.

Full details (and remediation) here ==>

Patch is available for 2.2.21 here==>

the CVE is pretty sparse, but look for more content soon ==> CVE-2011-3368

Rob VandenBrink

Keywords: apache CVE20113368
0 comment(s)
Diary Archives