First published: Tue Sep 20 2011(Updated: )
RMDG partner and independent security consultancy, "Context Information Security" has made CPNI Response aware of a security vulnerability which could potentially allow an attacker to gain full internal access to a network from the internet. The technique exploits insecurely configured reverse web proxies to gain access to internal/DMZ systems. This attack is based on an Apache web server which is using "mod_rewrite" to proxy web requests internally. Other proxies may suffer from this issue. The vulnerability occurs if the Apache configuration file is configured like this: RewriteRule ^(.*) <a href="http://internalserver:80$1">http://internalserver:80$1</a> [P] As opposed to: RewriteRule ^(.*) <a href="http://internalserver:80/$1">http://internalserver:80/$1</a> [P] It is important for readers to review their reverse proxy configurations to ensure that the rewrite rules are securely configured and cannot be abused in such a way that they can be used to compromise internal systems.
Credit: secalert@redhat.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apache HTTP server | =1.3.38 | |
Apache HTTP server | =1.3.23 | |
Apache HTTP server | =1.3.27 | |
Apache HTTP server | =1.3.10 | |
Apache HTTP server | =1.3.33 | |
Apache HTTP server | =1.3.8 | |
Apache HTTP server | =1.3.36 | |
Apache HTTP server | =1.3.16 | |
Apache HTTP server | =1.3.1 | |
Apache HTTP server | =1.3.25 | |
Apache HTTP server | =1.3.28 | |
Apache HTTP server | =1.3.19 | |
Apache HTTP server | =1.3.31 | |
Apache HTTP server | =1.3.68 | |
Apache HTTP server | =1.3.24 | |
Apache HTTP server | =1.3.5 | |
Apache HTTP server | =1.3.20 | |
Apache HTTP server | =1.3.35 | |
Apache HTTP server | =1.3.6 | |
Apache HTTP server | =1.3.2 | |
Apache HTTP server | =1.3.34 | |
Apache HTTP server | =1.3.4 | |
Apache HTTP server | =1.3.13 | |
Apache HTTP server | =1.3.39 | |
Apache HTTP server | =1.3.30 | |
Apache HTTP server | =1.3.18 | |
Apache HTTP server | =1.3.65 | |
Apache HTTP server | =1.3.0 | |
Apache HTTP server | =1.3 | |
Apache HTTP server | =1.3.12 | |
Apache HTTP server | =1.3.3 | |
Apache HTTP server | =1.3.17 | |
Apache HTTP server | =1.3.1.1 | |
Apache HTTP server | =1.3.26 | |
Apache HTTP server | =1.3.9 | |
Apache HTTP server | =1.3.32 | |
Apache HTTP server | =1.3.15 | |
Apache HTTP server | =1.3.14 | |
Apache HTTP server | =1.3.42 | |
Apache HTTP server | =1.3.29 | |
Apache HTTP server | =1.3.22 | |
Apache HTTP server | =1.3.37 | |
Apache HTTP server | =1.3.11 | |
Apache HTTP server | =1.3.7 | |
Apache HTTP server | =1.3.41 | |
Apache HTTP server | =2.0.42 | |
Apache HTTP server | =2.0.64 | |
Apache HTTP server | =2.0.58 | |
Apache HTTP server | =2.0.47 | |
Apache HTTP server | =2.0.56 | |
Apache HTTP server | =2.0.50 | |
Apache HTTP server | =2.0.35 | |
Apache HTTP server | =2.0.37 | |
Apache HTTP server | =2.0.55 | |
Apache HTTP server | =2.0.44 | |
Apache HTTP server | =2.0.39 | |
Apache HTTP server | =2.0.52 | |
Apache HTTP server | =2.0.53 | |
Apache HTTP server | =2.0.57 | |
Apache HTTP server | =2.0.51 | |
Apache HTTP server | =2.0.28-beta | |
Apache HTTP server | =2.0.63 | |
Apache HTTP server | =2.0.41 | |
Apache HTTP server | =2.0.49 | |
Apache HTTP server | =2.0.9 | |
Apache HTTP server | =2.0.34-beta | |
Apache HTTP server | =2.0.61 | |
Apache HTTP server | =2.0.32 | |
Apache HTTP server | =2.0.38 | |
Apache HTTP server | =2.0.48 | |
Apache HTTP server | =2.0.45 | |
Apache HTTP server | =2.0.40 | |
Apache HTTP server | =2.0.36 | |
Apache HTTP server | =2.0.46 | |
Apache HTTP server | =2.0.54 | |
Apache HTTP server | =2.0.43 | |
Apache HTTP server | =2.0.59 | |
Apache HTTP server | =2.0.28 | |
Apache HTTP server | =2.0 | |
Apache HTTP server | =2.0.32-beta | |
Apache HTTP server | =2.0.60 | |
Apache HTTP server | =2.2.11 | |
Apache HTTP server | =2.2.0 | |
Apache HTTP server | =2.2.10 | |
Apache HTTP server | =2.2.13 | |
Apache HTTP server | =2.2.2 | |
Apache HTTP server | =2.2.4 | |
Apache HTTP server | =2.2.16 | |
Apache HTTP server | =2.2.21 | |
Apache HTTP server | =2.2.8 | |
Apache HTTP server | =2.2.14 | |
Apache HTTP server | =2.2.6 | |
Apache HTTP server | =2.2.19 | |
Apache HTTP server | =2.2.9 | |
Apache HTTP server | =2.2.18 | |
Apache HTTP server | =2.2.12 | |
Apache HTTP server | =2.2.3 | |
Apache HTTP server | =2.2.15 | |
Apache HTTP server | =2.2.20 | |
Apache HTTP server | =2.2.1 | |
redhat/httpd | <2.2.22 | 2.2.22 |
redhat/httpd | <0:2.2.3-53.el5_7.3 | 0:2.2.3-53.el5_7.3 |
redhat/httpd | <0:2.2.15-9.el6_1.3 | 0:2.2.15-9.el6_1.3 |
redhat/httpd | <0:2.2.17-15.4.ep5.el5 | 0:2.2.17-15.4.ep5.el5 |
redhat/httpd | <0:2.2.17-15.4.ep5.el6 | 0:2.2.17-15.4.ep5.el6 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)