Rapid7 Vulnerability & Exploit Database

IBM HTTP Server: CVE-2011-3639: Potential pattern expansion problem when mod_proxy and mod_rewrite are used together.

Back to Search

IBM HTTP Server: CVE-2011-3639: Potential pattern expansion problem when mod_proxy and mod_rewrite are used together.

Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
11/29/2011
Created
07/25/2018
Added
06/22/2018
Modified
06/22/2018

Description

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

Solution(s)

  • ibm-http_server-apply-fix-pack-8_0_0_2
  • ibm-http_server-apply-interim-fix-pm48384-for-8_0

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;