Rapid7 Vulnerability & Exploit Database

Apache HTTPD: mod_proxy reverse proxy exposure (CVE-2011-3368)

Severity: 5
CVSS: (AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published: 10/05/2011
Created: 07/25/2018
Added: 04/12/2012
Modified: 01/13/2022

Description

An exposure was found when using mod_proxy in reverse proxy mode. In certain configurations using RewriteRule with the proxy flag or ProxyPassMatch, a remote attacker could cause the reverse proxy to connect to an arbitrary server, possibly disclosing sensitive information from internal web servers not directly accessible to the attacker. No update of 1.3 will be released. Patches will be published to https://archive.apache.org/dist/httpd/patches/apply_to_1.3.42/

Solution(s)

  • apache-httpd-cve-2011-3368-1-3-patch
  • apache-httpd-upgrade-1_3
  • apache-httpd-upgrade-2_0_65
  • apache-httpd-upgrade-2_2_22
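
A configuration audit for the rule shape behind this exposure, as an added example (not Rapid7's or Apache's code). It assumes, following the Apache advisory for this CVE, that the affected rules are RewriteRule [P] and ProxyPassMatch targets where a backreference is appended directly to the host with no "/" separator; the function name, sample configuration and hostnames are constructed.

```python
import re

# Directives named in the description: RewriteRule (proxy flag) and ProxyPassMatch.
DIRECTIVE = re.compile(
    r'^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?', re.I)
# Assumption: risky target = scheme://host[:port] immediately followed by a
# backreference ($1, ${..}, %1) instead of a "/" path separator.
NO_SLASH = re.compile(r'^[a-z][a-z0-9+.-]*://[^/$%\s]+[$%]', re.I)

def audit(config_text):
    """Return (line_no, directive, target) for proxy rules lacking the '/' separator."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue                      # skip comments
        m = DIRECTIVE.match(line)
        if not m:
            continue
        name, _pattern, target, flags = m.groups()
        if name.lower() == 'rewriterule':
            # Only rewrites handed to mod_proxy ([P] / [proxy]) are relevant.
            flag_set = {f.strip().split('=')[0].lower()
                        for f in (flags or '').split(',')}
            if not flag_set & {'p', 'proxy'}:
                continue
        target = target.strip('"')
        if NO_SLASH.match(target):
            findings.append((no, name, target))
    return findings

# Constructed sample configuration: lines 3 and 6 have the risky shape,
# lines 4 and 7 are the corrected forms, line 5 is a redirect (not proxied).
SAMPLE = r"""RewriteEngine On
# image offload
RewriteRule ^(.*)\.(jpg|gif|png)$ http://images.example.com$1.$2 [P]
RewriteRule ^/(.*)\.(jpg|gif|png)$ http://images.example.com/$1.$2 [P,L]
RewriteRule ^/old(.*) http://www.example.com$1 [R=301,L]
ProxyPassMatch ^(/app/.*)$ http://backend.internal:8080$1
ProxyPassMatch ^/app/(.*)$ http://backend.internal:8080/app/$1
"""

if __name__ == '__main__':
    for no, name, target in audit(SAMPLE):
        print(f"line {no}: {name} target '{target}' has no '/' before the backreference")
```

A clean result from this check does not replace the patch or upgrades listed above; it only narrows down which rules to review first.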
