#VU33694 Input validation error - CVE-2011-3368
Vulnerability identifier: #VU33694
Vulnerability risk: Medium
CVSSv4.0: 6.9 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green]
CVE-ID:
CWE-ID:
CWE-20
Exploitation vector: Network
Exploit availability: Yes
Description
The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
Mitigation
Install update from vendor's website.
External links
https://kb.juniper.net/JSA10585
https://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
https://lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
https://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
https://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
https://marc.info/?l=bugtraq&m=133294460209056&w=2
https://marc.info/?l=bugtraq&m=134987041210674&w=2
https://osvdb.org/76079
https://rhn.redhat.com/errata/RHSA-2012-0542.html
https://rhn.redhat.com/errata/RHSA-2012-0543.html
https://seclists.org/fulldisclosure/2011/Oct/232
https://seclists.org/fulldisclosure/2011/Oct/273
https://secunia.com/advisories/46288
https://secunia.com/advisories/46414
https://secunia.com/advisories/48551
https://support.apple.com/kb/HT5501
https://svn.apache.org/viewvc?view=revision&revision=1179239
https://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
https://www.contextis.com/research/blog/reverseproxybypass/
https://www.debian.org/security/2012/dsa-2405
https://www.exploit-db.com/exploits/17969
https://www.mandriva.com/security/advisories?name=MDVSA-2011:144
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
https://www.redhat.com/support/errata/RHSA-2011-1391.html
https://www.redhat.com/support/errata/RHSA-2011-1392.html
https://www.securityfocus.com/bid/49957
https://www.securitytracker.com/id?1026144
https://www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
https://www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
https://bugzilla.redhat.com/show_bug.cgi?id=740045
https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
https://lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a fully functional exploit for this vulnerability is available.
