Rapid7 Vulnerability & Exploit Database

ELSA-2011-1392 Moderate: Oracle Linux httpd security and bug fix update

Free InsightVM Trial No credit card necessary

Watch Demo See how it all works

Back to Search

ELSA-2011-1392 Moderate: Oracle Linux httpd security and bug fix update

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:N/A:N)

Published

10/05/2011

Created

07/25/2018

Added

12/20/2011

Modified

04/11/2019

Description

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

Solution(s)

oracle-linux-upgrade-httpd
oracle-linux-upgrade-httpd-devel
oracle-linux-upgrade-httpd-manual
oracle-linux-upgrade-httpd-suexec
oracle-linux-upgrade-mod_ssl

References

https://attackerkb.com/topics/cve-2011-3368
APPLE-SA-2012-09-19-2
49957
CVE - 2011-3368
DSA-2405
RHSA-2011:1391
RHSA-2011:1392
RHSA-2012:0542
RHSA-2012:0543
http://oss.oracle.com/pipermail/el-errata/2011-October/002421.html
http://oss.oracle.com/pipermail/el-errata/2011-October/002422.html
70336

Advanced vulnerability management analytics and reporting.

Key Features

Free InsightVM Trial View All Features

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;