Signature Detail
This site is deprecated. Please CLICK HERE for latest updates
Short Name |
HTTP:APACHE:REV-PROXY-EXPLOIT |
|---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Apache HTTP Server Reverse Proxy/Rewrite URL Exploit |
Release Date |
2011/11/29 |
Update Number |
2038 |
Supported Platforms |
di-5.3+, idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
HTTP: Apache HTTP Server Reverse Proxy/Rewrite URL Exploit
This signature detects attempts to exploit a known common configuration flaw with Apache HTTP Server. An attacker can send a malformed request that can bypass common proxy filters and access internal resources.
Extended Description
Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications.
Affected Products
- Apache_software_foundation apache 2.0.0
- Apache_software_foundation apache 2.0.0 A9
- Apache_software_foundation apache 2.0.28
- Apache_software_foundation apache 2.0.28 Beta
- Apache_software_foundation apache 2.0.28 -BETA
- Apache_software_foundation apache 2.0.32
- Apache_software_foundation apache 2.0.32 -BETA
- Apache_software_foundation apache 2.0.34 -BETA
- Apache_software_foundation apache 2.0.35
- Apache_software_foundation apache 2.0.36
- Apache_software_foundation apache 2.0.37
- Apache_software_foundation apache 2.0.38
- Apache_software_foundation apache 2.0.39
- Apache_software_foundation apache 2.0.40
- Apache_software_foundation apache 2.0.41
- Apache_software_foundation apache 2.0.42
- Apache_software_foundation apache 2.0.43
- Apache_software_foundation apache 2.0.44
- Apache_software_foundation apache 2.0.45
- Apache_software_foundation apache 2.0.46
- Apache_software_foundation apache 2.0.47
- Apache_software_foundation apache 2.0.48
- Apache_software_foundation apache 2.0.49
- Apache_software_foundation apache 2.0.50
- Apache_software_foundation apache 2.0.51
- Apache_software_foundation apache 2.0.52
- Apache_software_foundation apache 2.0.53
- Apache_software_foundation apache 2.0.54
- Apache_software_foundation apache 2.0.55
- Apache_software_foundation apache 2.0.56
- Apache_software_foundation apache 2.0.56 -Dev
- Apache_software_foundation apache 2.0.57
- Apache_software_foundation apache 2.0.58
- Apache_software_foundation apache 2.0.59
- Apache_software_foundation apache 2.0.60
- Apache_software_foundation apache 2.0.60-Dev
- Apache_software_foundation apache 2.0.61
- Apache_software_foundation apache 2.0.61-Dev
- Apache_software_foundation apache 2.0.62-Dev
- Apache_software_foundation apache 2.0.63
- Apache_software_foundation apache 2.0.64
- Apache_software_foundation apache 2.0.64-Dev
- Apache_software_foundation apache 2.0.9
- Apache_software_foundation apache 2.2
- Apache_software_foundation apache 2.2.0
- Apache_software_foundation apache 2.2.1
- Apache_software_foundation apache 2.2.10
- Apache_software_foundation apache 2.2.11
- Apache_software_foundation apache 2.2.12
- Apache_software_foundation apache 2.2.13
- Apache_software_foundation apache 2.2.14
- Apache_software_foundation apache 2.2.15
- Apache_software_foundation apache 2.2.15-Dev
- Apache_software_foundation apache 2.2.16
- Apache_software_foundation apache 2.2.17
- Apache_software_foundation apache 2.2.18
- Apache_software_foundation apache 2.2.19
- Apache_software_foundation apache 2.2.2
- Apache_software_foundation apache 2.2.20
- Apache_software_foundation apache 2.2.21
- Apache_software_foundation apache 2.2.21
- Apache_software_foundation apache 2.2.3
- Apache_software_foundation apache 2.2.4
- Apache_software_foundation apache 2.2.5
- Apache_software_foundation apache 2.2.5-Dev
- Apache_software_foundation apache 2.2.6
- Apache_software_foundation apache 2.2.6-Dev
- Apache_software_foundation apache 2.2.7-Dev
- Apache_software_foundation apache 2.2.8
- Apache_software_foundation apache 2.2.9
- Avaya aura_experience_portal 6.0
- Debian linux 6.0 amd64
- Debian linux 6.0 arm
- Debian linux 6.0 ia-32
- Debian linux 6.0 ia-64
- Debian linux 6.0 mips
- Debian linux 6.0 powerpc
- Debian linux 6.0 s/390
- Debian linux 6.0 sparc
- Gentoo linux
- Hp openview_network_node_manager 7.53 - Hp-Ux
- Hp openview_network_node_manager 7.53 - Linux
- Hp openview_network_node_manager 7.53 - Solaris
- Hp system_management_homepage 3.0.0.64
- Hp system_management_homepage 3.0.0-68
- Hp system_management_homepage 3.0.0.68
- Hp system_management_homepage 3.0.1-73
- Hp system_management_homepage 3.0.1.73
- Hp system_management_homepage 3.0.2-77
- Hp system_management_homepage 3.0.2.77
- Hp system_management_homepage 3.0.2.77 B
- Hp system_management_homepage 6.0
- Hp system_management_homepage 6.0.0-95
- Hp system_management_homepage 6.0.0.95
- Hp system_management_homepage 6.0.0.96
- Hp system_management_homepage 6.1
- Hp system_management_homepage 6.1.0.102
- Hp system_management_homepage 6.1.0-103
- Hp system_management_homepage 6.1.0.103
- Hp system_management_homepage 6.2
- Hp system_management_homepage 6.2
- Hp system_management_homepage 6.2.0-12
- Hp system_management_homepage 6.2.2.7
- Hp system_management_homepage 6.3
- Hp system_management_homepage 7.1
- Hp system_management_homepage
- Ibm http_server 7.0.0.11
- Ibm http_server 7.0.0.13
- Ibm http_server 7.0.0.15
- Ibm http_server 7.0.0.17
- Ibm http_server 7.0.0.19
- Ibm http_server 7.0.0.5
- Ibm os/400_v6r1m0
- Mandriva enterprise_server 5
- Mandriva enterprise_server 5 X86 64
- Mandriva linux_mandrake 2010.1
- Mandriva linux_mandrake 2010.1 X86 64
- Mandriva linux_mandrake 2011
- Mandriva linux_mandrake 2011 x86_64
- Oracle enterprise_linux 6
- Oracle enterprise_linux 6.2
- Oracle fusion_middleware 10.1.3.5
- Oracle fusion_middleware 11.1.1.5.0
- Oracle fusion_middleware 11.1.1.6
- Oracle fusion_middleware_11g 11.1.1.1.0 R1
- Oracle fusion_middleware_11g 11.1.1.2.0 R1
- Oracle fusion_middleware_11g 11.1.1.3.0 R1
- Oracle fusion_middleware_11g 11.1.1.4.0 R1
- Oracle fusion_middleware_11g 11.1.1.5.0 R1
- Oracle oracle10g_application_server 10.1.3 .5.0
- Oracle oracle9i_application_server 1.0.2 .2
- Oracle oracle_fusion_middleware_11g_release_1 11.1.1.5
- Oracle oracle_fusion_middleware_11g_release_1 11.1.1.5
- Oracle oracle_fusion_middleware_11g_release_1 11.1.1.6
- Oracle oracle_fusion_middleware_11g_release_1 11.1.1.6
- Oracle oracle_fusion_middleware_11g_release_2 11.1.2.0
- Oracle oracle_fusion_middleware_11g_release_2 11.1.2.0
- Red_hat enterprise_linux_desktop 6
- Red_hat enterprise_linux_desktop_optional 6
- Red_hat enterprise_linux_hpc_node 6
- Red_hat enterprise_linux_hpc_node_optional 6
- Red_hat enterprise_linux_server 6
- Red_hat enterprise_linux_workstation 6
- Red_hat fedora 15
- Slackware linux 12.0
- Slackware linux 12.1
- Slackware linux 12.2
- Slackware linux 13.0
- Slackware linux 13.0 X86 64
- Slackware linux 13.1
- Slackware linux 13.1 X86 64
- Slackware linux 13.37
- Slackware linux 13.37 x86_64
- Slackware linux -Current
- Slackware linux X86 64 -Current
- Ubuntu ubuntu_linux 10.04 Amd64
- Ubuntu ubuntu_linux 10.04 ARM
- Ubuntu ubuntu_linux 10.04 I386
- Ubuntu ubuntu_linux 10.04 Powerpc
- Ubuntu ubuntu_linux 10.04 Sparc
- Ubuntu ubuntu_linux 10.10 amd64
- Ubuntu ubuntu_linux 10.10 ARM
- Ubuntu ubuntu_linux 10.10 i386
- Ubuntu ubuntu_linux 10.10 powerpc
- Ubuntu ubuntu_linux 11.04 amd64
- Ubuntu ubuntu_linux 11.04 ARM
- Ubuntu ubuntu_linux 11.04 i386
- Ubuntu ubuntu_linux 11.04 powerpc
- Ubuntu ubuntu_linux 11.10 amd64
- Ubuntu ubuntu_linux 11.10 i386
- Ubuntu ubuntu_linux 8.04 LTS Amd64
- Ubuntu ubuntu_linux 8.04 LTS I386
- Ubuntu ubuntu_linux 8.04 LTS Lpia
- Ubuntu ubuntu_linux 8.04 LTS Powerpc
- Ubuntu ubuntu_linux 8.04 LTS Sparc
References