Affected Systems:
Apache Group Apache HTTP Server 2.2.x
Apache Group Apache HTTP Server 2.0.x
Description:
--------------------------------------------------------------------------------
Bugtraq id: 51869
Cve id: CVE-2011-3639
Apache HTTP Server is an open-source web server from the Apache Software Foundation that runs on most operating systems.
With the Revision 1179239 patch in place, the mod_proxy module in Apache HTTP Server 2.0.x through 2.0.64 and unfixed 2.2.x releases does not correctly handle reverse-proxy configurations built from RewriteRule and ProxyPassMatch pattern matches. A remote attacker can send a malformed HTTP/0.9 request through the proxy to internal servers, bypassing the intended access restrictions and potentially obtaining sensitive information.
<* Source: Tomas Hoger (thoger@redhat.com)
Link: https://community.qualys.com/blogs/securitylabs/tags/cve-2011-4317
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive in nature and are intended only for security research and teaching. Use at your own risk!
# Reverse-proxy rules of the affected shape: the back-reference $1 follows the target host with no "/" between them
RewriteRule ^(.*) http://www.example.com$1
ProxyPassMatch ^(.*) http://www.example.com$1
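As an added defender-side check, not part of this advisory or of the Apache project: a Python script that scans an httpd configuration for RewriteRule and ProxyPassMatch targets in which a back-reference follows the host with no separating "/", the shape of the two rules above, and prints the hardened form with the "/" inserted. The configuration fragment it scans is constructed for the example.

```python
import re

# Constructed sample httpd.conf fragment (not from the advisory): the first two
# rules mirror the patterns in this advisory, the next two are the hardened forms.
SAMPLE_CONFIG = """\
# reverse proxy rules
RewriteEngine On
RewriteRule ^(.*) http://www.example.com$1 [P]
ProxyPassMatch ^(.*) http://www.example.com$1
RewriteRule ^/(.*) http://www.example.com/$1 [P]
ProxyPassMatch ^/(.*) http://www.example.com/$1
ProxyPass /app http://backend.internal/app
"""

# Directives whose second argument is a URL built from a regex capture.
DIRECTIVE_RE = re.compile(r"^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)", re.IGNORECASE)
# scheme://host[:port] immediately followed by a back-reference such as $1:
# the client-supplied match is glued onto the authority part of the URL.
UNSAFE_TARGET_RE = re.compile(r"^[a-z][a-z0-9+.-]*://[^/\s]+\$\d", re.IGNORECASE)


def find_unsafe_proxy_rules(config_text):
    """Return (line_number, directive, target) for rules whose back-reference
    directly follows the target host, i.e. no '/' separates host and capture."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue
        m = DIRECTIVE_RE.match(stripped)
        if m and UNSAFE_TARGET_RE.match(m.group(3)):
            findings.append((lineno, m.group(1), m.group(3)))
    return findings


def harden_target(target):
    """Insert the missing '/' between host and back-reference; safe targets are returned unchanged."""
    return re.sub(r"^([a-z][a-z0-9+.-]*://[^/\s]+)(\$\d)", r"\1/\2", target, flags=re.IGNORECASE)


if __name__ == "__main__":
    for lineno, directive, target in find_unsafe_proxy_rules(SAMPLE_CONFIG):
        print(f"line {lineno}: {directive} target {target!r} -> suggest {harden_target(target)!r}")
```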
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Apache Group
------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://httpd.apache.org/