Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2011-3368

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2011-3368
Last Modified 14 Apr 2015 09:59:23
Published 05 Oct 2011 06:55:02
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3368

Summary

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

Vulnerable Systems

Application

  • Apache Http Server 1.3

  • Apache Http Server 1.3.0

  • Apache Http Server 1.3.1

  • Apache Http Server 1.3.1.1

  • Apache Http Server 1.3.10

  • Apache Http Server 1.3.11

  • Apache Http Server 1.3.12

  • Apache Http Server 1.3.13

  • Apache Http Server 1.3.14

  • Apache Http Server 1.3.15

  • Apache Http Server 1.3.16

  • Apache Http Server 1.3.17

  • Apache Http Server 1.3.18

  • Apache Http Server 1.3.19

  • Apache Http Server 1.3.2

  • Apache Http Server 1.3.20

  • Apache Http Server 1.3.22

  • Apache Http Server 1.3.23

  • Apache Http Server 1.3.24

  • Apache Http Server 1.3.25

  • Apache Http Server 1.3.26

  • Apache Http Server 1.3.27

  • Apache Http Server 1.3.28

  • Apache Http Server 1.3.29

  • Apache Http Server 1.3.3

  • Apache Http Server 1.3.30

  • Apache Http Server 1.3.31

  • Apache Http Server 1.3.32

  • Apache Http Server 1.3.33

  • Apache Http Server 1.3.34

  • Apache Http Server 1.3.35

  • Apache Http Server 1.3.36

  • Apache Http Server 1.3.37

  • Apache Http Server 1.3.38

  • Apache Http Server 1.3.39

  • Apache Http Server 1.3.4

  • Apache Http Server 1.3.41

  • Apache Http Server 1.3.42

  • Apache Http Server 1.3.5

  • Apache Http Server 1.3.6

  • Apache Http Server 1.3.65

  • Apache Http Server 1.3.68

  • Apache Http Server 1.3.7

  • Apache Http Server 1.3.8

  • Apache Http Server 1.3.9

  • Apache Http Server 2.0

  • Apache Http Server 2.0.28

  • Apache Http Server 2.0.32

  • Apache Http Server 2.0.34

  • Apache Http Server 2.0.35

  • Apache Http Server 2.0.36

  • Apache Http Server 2.0.37

  • Apache Http Server 2.0.38

  • Apache Http Server 2.0.39

  • Apache Http Server 2.0.40

  • Apache Http Server 2.0.41

  • Apache Http Server 2.0.42

  • Apache Http Server 2.0.43

  • Apache Http Server 2.0.44

  • Apache Http Server 2.0.45

  • Apache Http Server 2.0.46

  • Apache Http Server 2.0.47

  • Apache Http Server 2.0.48

  • Apache Http Server 2.0.49

  • Apache Http Server 2.0.50

  • Apache Http Server 2.0.51

  • Apache Http Server 2.0.52

  • Apache Http Server 2.0.53

  • Apache Http Server 2.0.54

  • Apache Http Server 2.0.55

  • Apache Http Server 2.0.56

  • Apache Http Server 2.0.57

  • Apache Http Server 2.0.58

  • Apache Http Server 2.0.59

  • Apache Http Server 2.0.60

  • Apache Http Server 2.0.61

  • Apache Http Server 2.0.63

  • Apache Http Server 2.0.64

  • Apache Http Server 2.0.9

  • Apache Http Server 2.2.0

  • Apache Http Server 2.2.1

  • Apache Http Server 2.2.10

  • Apache Http Server 2.2.11

  • Apache Http Server 2.2.12

  • Apache Http Server 2.2.13

  • Apache Http Server 2.2.14

  • Apache Http Server 2.2.15

  • Apache Http Server 2.2.16

  • Apache Http Server 2.2.18

  • Apache Http Server 2.2.19

  • Apache Http Server 2.2.2

  • Apache Http Server 2.2.20

  • Apache Http Server 2.2.21

  • Apache Http Server 2.2.3

  • Apache Http Server 2.2.4

  • Apache Http Server 2.2.6

  • Apache Http Server 2.2.8

  • Apache Http Server 2.2.9


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=740045

MLIST - [announce] 20111005 Advisory: mod_proxy reverse proxy exposure (CVE-2011-3368)

CONFIRM - http://svn.apache.org/viewvc?view=revision&revision=1179239

XF - apache-modproxy-information-disclosure(70336)

SECTRACK - 1026144

BID - 49957

REDHAT - RHSA-2011:1392

REDHAT - RHSA-2011:1391

MANDRIVA - MDVSA-2011:144

EXPLOIT-DB - 17969

MISC - http://www.contextis.com/research/blog/reverseproxybypass/

AIXAPAR - SE49724

AIXAPAR - SE49723

SECUNIA - 46414

SECUNIA - 46288

FULLDISC - 20111005 Context IS Advisory - Apache Reverse Proxy Bypass Vulnerability

FULLDISC - 20111005 Apache HTTP Server: mod_proxy reverse proxy exposure (CVE-2011-3368)

OSVDB - 76079

SUSE - SUSE-SU-2011:1229

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html

SECUNIA - 48551

CONFIRM - http://support.apple.com/kb/HT5501

APPLE - APPLE-SA-2012-09-19-2

HP - HPSBOV02822

HP - SSRT100966

SUSE - openSUSE-SU-2013:0248

SUSE - openSUSE-SU-2013:0243

CONFIRM - http://kb.juniper.net/JSA10585

MANDRIVA - MDVSA-2013:150

CONFIRM - http://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html

BUGTRAQ - 20150402 NEW : VMSA-2015-0003 VMware product updates address critical information disclosure issue in JRE

MISC - http://packetstormsecurity.com/files/131271/VMware-Security-Advisory-2015-0003.html

Related Patches

Apple 2012-09-19 Mac OS X Server 10.7.5 Update

Apple 2012-09-19 Mac OS X 10.7.5 Update

Apple 2012-09-19 Mac OS X Server 10.7.5 Combo Update

Apple 2012-09-19 Mac OS X 10.7.5 Combo Update

Apple 2012-09-19 Security Update 2012-004 Server (Snow Leopard)

Apple 2012-09-19 Security Update 2012-004 (Snow Leopard)

Novell SUSE 2011:5482 apache2 security update for SLES 11 SP1 i586

Novell SUSE 2011:5482 apache2 security update for SLES 11 SP1 x86_64

Novell SUSE 2011:7882 apache2 security update for SLES 10 SP4 i586

Novell SUSE 2011:7882 apache2 security update for SLES 10 SP4 x86_64


Last Updated: 27 May 2016 10:57:22