CVE-2011-3368 in Apache HTTP Serverinfo

Summary

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

Reservation

08/30/2011

Entries

VulDB provides additional information and datapoints for this CVE:

ID	Vulnerability	CWE	Exp	Cou	CVE
224799	Apache HTTP Server mod_proxy protocol.c server-side request forgery	918	Proof-of-Concept	Official fix	CVE-2011-3368
68770	Oracle SPARC Enterprise M3000/M4000/M5000/M8000/M9000 XCP Firmware input validation	20	High	Official fix	CVE-2011-3368
5726	Oracle E-Business Suite HTTP Server input validation	20	High	Official fix	CVE-2011-3368
5704	Oracle Fusion Middleware HTTP Server input validation	20	High	Official fix	CVE-2011-3368

Description

CPE

CWE

CVSS

Exploits

History

Diff

Relate

Threat Intelligence

API JSON

API XML

API CSV

◂ PreviousOverviewNext ▸

Interested in the pricing of exploits?

See the underground prices here!