Juniper Networks
Solutions
Products & Services
Company
Partners
Support
Education

Signature Detail

Security Intelligence Center
Signatures
Print

This site is deprecated. Please CLICK HERE for latest updates

Short Name

 HTTP:APACHE:MOD-PROXY-SECBYPASS

Severity

 Major

Recommended

 No

Recommended Action

 Drop

Category

 HTTP

Keywords

 Apache HTTPD mod_proxy Security Bypass

Release Date

 2013/01/08

Update Number

 2223

Supported Platforms

 idp-4.0+, isg-3.0+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+

HTTP: Apache HTTPD mod_proxy Security Bypass


This signature detects attempts to exploit a known flaw in the Apache HTTP Server's reverse proxy module mod_proxy. A successful attack can lead to exposure of internal servers and their resources to outside users.

Extended Description

Apache HTTP Server is prone to an information disclosure vulnerability. An attacker can exploit this vulnerability to gain access to sensitive information.

Affected Products

  • Apache_software_foundation apache 1.3
  • Apache_software_foundation apache 1.3.0
  • Apache_software_foundation apache 1.3.1
  • Apache_software_foundation apache 1.3.10
  • Apache_software_foundation apache 1.3.11
  • Apache_software_foundation apache 1.3.12
  • Apache_software_foundation apache 1.3.13
  • Apache_software_foundation apache 1.3.14
  • Apache_software_foundation apache 1.3.14 Mac
  • Apache_software_foundation apache 1.3.15
  • Apache_software_foundation apache 1.3.16
  • Apache_software_foundation apache 1.3.17
  • Apache_software_foundation apache 1.3.18
  • Apache_software_foundation apache 1.3.19
  • Apache_software_foundation apache 1.3.2
  • Apache_software_foundation apache 1.3.20
  • Apache_software_foundation apache 1.3.22
  • Apache_software_foundation apache 1.3.23
  • Apache_software_foundation apache 1.3.24
  • Apache_software_foundation apache 1.3.25
  • Apache_software_foundation apache 1.3.26
  • Apache_software_foundation apache 1.3.27
  • Apache_software_foundation apache 1.3.28
  • Apache_software_foundation apache 1.3.29
  • Apache_software_foundation apache 1.3.3
  • Apache_software_foundation apache 1.3.30
  • Apache_software_foundation apache 1.3.31
  • Apache_software_foundation apache 1.3.32
  • Apache_software_foundation apache 1.3.33
  • Apache_software_foundation apache 1.3.34
  • Apache_software_foundation apache 1.3.35
  • Apache_software_foundation apache 1.3.35 -Dev
  • Apache_software_foundation apache 1.3.36
  • Apache_software_foundation apache 1.3.37
  • Apache_software_foundation apache 1.3.38
  • Apache_software_foundation apache 1.3.39
  • Apache_software_foundation apache 1.3.4
  • Apache_software_foundation apache 1.3.40-Dev
  • Apache_software_foundation apache 1.3.41
  • Apache_software_foundation apache 1.3.42
  • Apache_software_foundation apache 1.3.5
  • Apache_software_foundation apache 1.3.6
  • Apache_software_foundation apache 1.3.65
  • Apache_software_foundation apache 1.3.68
  • Apache_software_foundation apache 1.3.7
  • Apache_software_foundation apache 1.3.7 -Dev
  • Apache_software_foundation apache 1.3.8
  • Apache_software_foundation apache 1.3.9
  • Apache_software_foundation apache 2.0.0
  • Apache_software_foundation apache 2.0.0 A9
  • Apache_software_foundation apache 2.0.28
  • Apache_software_foundation apache 2.0.28 Beta
  • Apache_software_foundation apache 2.0.28 -BETA
  • Apache_software_foundation apache 2.0.32
  • Apache_software_foundation apache 2.0.32 -BETA
  • Apache_software_foundation apache 2.0.34 -BETA
  • Apache_software_foundation apache 2.0.35
  • Apache_software_foundation apache 2.0.36
  • Apache_software_foundation apache 2.0.37
  • Apache_software_foundation apache 2.0.38
  • Apache_software_foundation apache 2.0.39
  • Apache_software_foundation apache 2.0.40
  • Apache_software_foundation apache 2.0.41
  • Apache_software_foundation apache 2.0.42
  • Apache_software_foundation apache 2.0.43
  • Apache_software_foundation apache 2.0.44
  • Apache_software_foundation apache 2.0.45
  • Apache_software_foundation apache 2.0.46
  • Apache_software_foundation apache 2.0.47
  • Apache_software_foundation apache 2.0.48
  • Apache_software_foundation apache 2.0.49
  • Apache_software_foundation apache 2.0.50
  • Apache_software_foundation apache 2.0.51
  • Apache_software_foundation apache 2.0.52
  • Apache_software_foundation apache 2.0.53
  • Apache_software_foundation apache 2.0.54
  • Apache_software_foundation apache 2.0.55
  • Apache_software_foundation apache 2.0.56
  • Apache_software_foundation apache 2.0.56 -Dev
  • Apache_software_foundation apache 2.0.57
  • Apache_software_foundation apache 2.0.58
  • Apache_software_foundation apache 2.0.59
  • Apache_software_foundation apache 2.0.60
  • Apache_software_foundation apache 2.0.60-Dev
  • Apache_software_foundation apache 2.0.61
  • Apache_software_foundation apache 2.0.61-Dev
  • Apache_software_foundation apache 2.0.62-Dev
  • Apache_software_foundation apache 2.0.63
  • Apache_software_foundation apache 2.0.64-Dev
  • Apache_software_foundation apache 2.0.9
  • Apache_software_foundation apache 2.1.0
  • Apache_software_foundation apache 2.1.1
  • Apache_software_foundation apache 2.1.2
  • Apache_software_foundation apache 2.1.3
  • Apache_software_foundation apache 2.1.4
  • Apache_software_foundation apache 2.1.5
  • Apache_software_foundation apache 2.1.6
  • Apache_software_foundation apache 2.1.7
  • Apache_software_foundation apache 2.1.8
  • Apache_software_foundation apache 2.1.9
  • Apache_software_foundation apache 2.2
  • Apache_software_foundation apache 2.2.0
  • Apache_software_foundation apache 2.2.1
  • Apache_software_foundation apache 2.2.10
  • Apache_software_foundation apache 2.2.11
  • Apache_software_foundation apache 2.2.12
  • Apache_software_foundation apache 2.2.13
  • Apache_software_foundation apache 2.2.14
  • Apache_software_foundation apache 2.2.15
  • Apache_software_foundation apache 2.2.15-Dev
  • Apache_software_foundation apache 2.2.16
  • Apache_software_foundation apache 2.2.17
  • Apache_software_foundation apache 2.2.18
  • Apache_software_foundation apache 2.2.19
  • Apache_software_foundation apache 2.2.2
  • Apache_software_foundation apache 2.2.20
  • Apache_software_foundation apache 2.2.21
  • Apache_software_foundation apache 2.2.3
  • Apache_software_foundation apache 2.2.4
  • Apache_software_foundation apache 2.2.5
  • Apache_software_foundation apache 2.2.5-Dev
  • Apache_software_foundation apache 2.2.6
  • Apache_software_foundation apache 2.2.6-Dev
  • Apache_software_foundation apache 2.2.7-Dev
  • Apache_software_foundation apache 2.2.8
  • Apache_software_foundation apache 2.2.9
  • Apache_software_foundation apache 2.3.0
  • Apache_software_foundation apache 2.3.1
  • Apache_software_foundation apache 2.3.2
  • Apache_software_foundation apache 2.3.3
  • Apache_software_foundation apache 2.3.38-Dev
  • Apache_software_foundation apache 2.3.4
  • Apache_software_foundation apache 2.3.5
  • Apache_software_foundation apache 2.3.6
  • Avaya aura_application_enablement_services 3.0
  • Avaya aura_application_enablement_services 3.1
  • Avaya aura_application_enablement_services 3.1.3
  • Avaya aura_application_enablement_services 3.1.4
  • Avaya aura_application_enablement_services 3.1.5
  • Avaya aura_application_enablement_services 3.1.6
  • Avaya aura_application_enablement_services 4.0
  • Avaya aura_application_enablement_services 4.0.1
  • Avaya aura_application_enablement_services 4.1
  • Avaya aura_application_enablement_services 4.2
  • Avaya aura_application_enablement_services 4.2.1
  • Avaya aura_application_enablement_services 4.2.2
  • Avaya aura_application_enablement_services 4.2.3
  • Avaya aura_application_enablement_services 5.2
  • Avaya aura_application_enablement_services 5.2.1
  • Avaya aura_application_enablement_services 5.2.2
  • Avaya aura_application_enablement_services 5.2.3
  • Avaya aura_application_enablement_services 6.1
  • Avaya aura_application_enablement_services 6.1.1
  • Avaya aura_communication_manager 4.0
  • Avaya aura_communication_manager 4.0
  • Avaya aura_communication_manager 5.1
  • Avaya aura_communication_manager 5.2
  • Avaya aura_communication_manager 5.2.1
  • Avaya aura_communication_manager 6.0
  • Avaya aura_communication_manager 6.0.1
  • Avaya aura_communication_manager_utility_services 6.0
  • Avaya aura_communication_manager_utility_services 6.1
  • Avaya aura_experience_portal 6.0
  • Avaya aura_messaging 6.0
  • Avaya aura_messaging 6.0.1
  • Avaya aura_session_manager 1.0
  • Avaya aura_session_manager 1.1
  • Avaya aura_session_manager 5.2
  • Avaya aura_session_manager 5.2 SP1
  • Avaya aura_session_manager 5.2 SP2
  • Avaya aura_session_manager 6.0
  • Avaya aura_session_manager 6.0 SP1
  • Avaya aura_session_manager 6.1
  • Avaya aura_session_manager 6.1.1
  • Avaya aura_session_manager 6.1.2
  • Avaya aura_session_manager 6.1.3
  • Avaya aura_session_manager 6.1 Sp1
  • Avaya aura_session_manager 6.1 SP2
  • Avaya aura_sip_enablement_services 4.0
  • Avaya aura_sip_enablement_services 5.0
  • Avaya aura_sip_enablement_services 5.1
  • Avaya aura_sip_enablement_services 5.2
  • Avaya aura_sip_enablement_services 5.2.1
  • Avaya aura_system_manager 6.0
  • Avaya aura_system_manager 6.0 SP1
  • Avaya aura_system_manager 6.1
  • Avaya aura_system_manager 6.1.1
  • Avaya aura_system_manager 6.1.2
  • Avaya aura_system_manager 6.1.3
  • Avaya aura_system_manager 6.1 Sp1
  • Avaya aura_system_manager 6.1 SP2
  • Avaya ip_office_application_server 6.0
  • Avaya ip_office_application_server 6.1
  • Avaya ip_office_application_server 7.0
  • Avaya ip_office_application_server 8.0
  • Avaya meeting_exchange 5.0
  • Avaya meeting_exchange 5.0.0.0.52
  • Avaya meeting_exchange 5.0 SP1
  • Avaya meeting_exchange 5.0 SP2
  • Avaya meeting_exchange 5.1
  • Avaya meeting_exchange 5.1 SP1
  • Avaya meeting_exchange 5.2
  • Avaya meeting_exchange 5.2 SP1
  • Avaya meeting_exchange 5.2 SP2
  • Avaya message_networking 3.1
  • Avaya message_networking 5.2
  • Avaya message_networking 5.2.1
  • Avaya message_networking 5.2.2
  • Avaya message_networking 5.2 SP1
  • Avaya voice_portal 4.0
  • Avaya voice_portal 4.1
  • Avaya voice_portal 4.1 SP1
  • Avaya voice_portal 4.1 SP2
  • Avaya voice_portal 5.0
  • Avaya voice_portal 5.0 SP1
  • Avaya voice_portal 5.0 SP2
  • Avaya voice_portal 5.1
  • Avaya voice_portal 5.1
  • Avaya voice_portal 5.1.1
  • Avaya voice_portal 5.1.2
  • Avaya voice_portal 5.1 SP1
  • Debian linux 6.0 amd64
  • Debian linux 6.0 arm
  • Debian linux 6.0 ia-32
  • Debian linux 6.0 ia-64
  • Debian linux 6.0 mips
  • Debian linux 6.0 powerpc
  • Debian linux 6.0 s/390
  • Debian linux 6.0 sparc
  • Fujitsu interstage_application_server_enterprise_edition 5.0
  • Fujitsu interstage_application_server_enterprise_edition 5.0.1
  • Fujitsu interstage_application_server_enterprise_edition 5.0 L10
  • Fujitsu interstage_application_server_enterprise_edition 5.0 L10A
  • Fujitsu interstage_application_server_enterprise_edition 5.0 L10B
  • Fujitsu interstage_application_server_enterprise_edition 5.0 L11
  • Fujitsu interstage_application_server_enterprise_edition 5.0 L20
  • Fujitsu interstage_application_server_enterprise_edition 5.0 L20A
  • Fujitsu interstage_application_server_enterprise_edition 5.1
  • Fujitsu interstage_application_server_enterprise_edition 5.1.1
  • Fujitsu interstage_application_server_enterprise_edition 6.0
  • Fujitsu interstage_application_server_enterprise_edition 6.0.1
  • Fujitsu interstage_application_server_enterprise_edition 6.0.2
  • Fujitsu interstage_application_server_enterprise_edition 6.0A
  • Fujitsu interstage_application_server_enterprise_edition 6.0 L10
  • Fujitsu interstage_application_server_enterprise_edition 6.0 L10B
  • Fujitsu interstage_application_server_enterprise_edition 6.0 L10C
  • Fujitsu interstage_application_server_enterprise_edition 7.0
  • Fujitsu interstage_application_server_enterprise_edition 7.0.1
  • Fujitsu interstage_application_server_enterprise_edition 7.0 L10
  • Fujitsu interstage_application_server_enterprise_edition 7.0 L11
  • Fujitsu interstage_application_server_enterprise_edition 8.0.0
  • Fujitsu interstage_application_server_enterprise_edition 8.0.1
  • Fujitsu interstage_application_server_enterprise_edition 8.0.2
  • Fujitsu interstage_application_server_enterprise_edition 8.0.3
  • Fujitsu interstage_application_server_enterprise_edition 9.0.0
  • Fujitsu interstage_application_server_enterprise_edition 9.0.0A
  • Fujitsu interstage_application_server_enterprise_edition 9.0.0 B
  • Fujitsu interstage_application_server_enterprise_edition 9.0.1
  • Fujitsu interstage_application_server_enterprise_edition 9.0.1 B
  • Fujitsu interstage_application_server_enterprise_edition 9.1.0
  • Fujitsu interstage_application_server_enterprise_edition 9.1.0A
  • Fujitsu interstage_application_server_enterprise_edition 9.1.0B
  • Fujitsu interstage_application_server_enterprise_edition 9.2.0
  • Fujitsu interstage_application_server_plus 5.0.1
  • Fujitsu interstage_application_server_plus 5.1
  • Fujitsu interstage_application_server_plus 5.1.1
  • Fujitsu interstage_application_server_plus 6.0
  • Fujitsu interstage_application_server_plus 6.0.1
  • Fujitsu interstage_application_server_plus 6.0.2
  • Fujitsu interstage_application_server_plus 6.0 L10
  • Fujitsu interstage_application_server_plus 6.0 L10A
  • Fujitsu interstage_application_server_plus 6.0 L10B
  • Fujitsu interstage_application_server_plus 6.0 L10C
  • Fujitsu interstage_application_server_plus 6.0 L11
  • Fujitsu interstage_application_server_plus 7.0
  • Fujitsu interstage_application_server_plus 7.0.1
  • Fujitsu interstage_application_server_plus 7.0 L10
  • Fujitsu interstage_application_server_plus 7.0 L11
  • Fujitsu interstage_application_server_plus_developer 5.0.1
  • Fujitsu interstage_application_server_plus_developer 5.0 L20
  • Fujitsu interstage_application_server_plus_developer 6.0
  • Fujitsu interstage_application_server_plus_developer 6.0 L10
  • Fujitsu interstage_application_server_plus_developer 7.0
  • Fujitsu interstage_application_server_plus_developer 7.0 L10
  • Fujitsu interstage_application_server_standard_edition 5.0
  • Fujitsu interstage_application_server_standard_edition 5.0 L10
  • Fujitsu interstage_application_server_standard_edition 5.0 L10A
  • Fujitsu interstage_application_server_standard_edition 5.0 L10B
  • Fujitsu interstage_application_server_standard_edition 5.0 L11
  • Fujitsu interstage_application_server_standard_edition 5.0 L20
  • Fujitsu interstage_application_server_standard_edition 5.0 L20A
  • Fujitsu interstage_application_server_standard-j_edition 8.0.0
  • Fujitsu interstage_application_server_standard-j_edition 8.0.1
  • Fujitsu interstage_application_server_standard-j_edition 8.0.2
  • Fujitsu interstage_application_server_standard-j_edition 8.0.3
  • Fujitsu interstage_application_server_standard-j_edition 9.0.0
  • Fujitsu interstage_application_server_standard-j_edition 9.0.0A
  • Fujitsu interstage_application_server_standard-j_edition 9.0.0 B
  • Fujitsu interstage_application_server_standard-j_edition 9.0.1
  • Fujitsu interstage_application_server_standard-j_edition 9.0.1 B
  • Fujitsu interstage_application_server_standard-j_edition 9.1.0
  • Fujitsu interstage_application_server_standard-j_edition 9.1.0B
  • Fujitsu interstage_application_server_standard-j_edition 9.2.0
  • Fujitsu interstage_application_server_web-j_edition 5.0
  • Fujitsu interstage_application_server_web-j_edition 5.0 L10
  • Fujitsu interstage_application_server_web-j_edition 5.0 L10A
  • Fujitsu interstage_application_server_web-j_edition 5.0 L10B
  • Fujitsu interstage_application_server_web-j_edition 5.0 L11
  • Fujitsu interstage_application_server_web-j_edition 5.0 L20
  • Fujitsu interstage_application_server_web-j_edition 5.0 L20A
  • Fujitsu interstage_apworks_modelers-j_edition 6.0
  • Fujitsu interstage_apworks_modelers-j_edition 6.0A
  • Fujitsu interstage_apworks_modelers-j_edition 6.0 L10
  • Fujitsu interstage_apworks_modelers-j_edition 6.0 L10A
  • Fujitsu interstage_apworks_modelers-j_edition 7.0
  • Fujitsu interstage_apworks_modelers-j_edition 7.0 L10
  • Fujitsu interstage_business_application_server_enterprise 8.0.0
  • Fujitsu interstage_job_workload_server 8.1.0
  • Fujitsu interstage_studio_enterprise_edition 8.0.1
  • Fujitsu interstage_studio_enterprise_edition 9.0.0
  • Fujitsu interstage_studio_enterprise_edition 9.1.0
  • Fujitsu interstage_studio_enterprise_edition 9.1.0 B
  • Fujitsu interstage_studio_enterprise_edition 9.2.0
  • Fujitsu interstage_studio_standard-j_edition 8.0.1
  • Fujitsu interstage_studio_standard-j_edition 9.0.0
  • Fujitsu interstage_studio_standard-j_edition 9.1.0
  • Fujitsu interstage_studio_standard-j_edition 9.1.0 B
  • Fujitsu interstage_studio_standard-j_edition 9.2.0
  • Gentoo linux
  • Hp openview_network_node_manager 7.53 - Hp-Ux
  • Hp openview_network_node_manager 7.53 - Linux
  • Hp openview_network_node_manager 7.53 - Solaris
  • Hp system_management_homepage 3.0.0.64
  • Hp system_management_homepage 3.0.0-68
  • Hp system_management_homepage 3.0.0.68
  • Hp system_management_homepage 3.0.1-73
  • Hp system_management_homepage 3.0.1.73
  • Hp system_management_homepage 3.0.2-77
  • Hp system_management_homepage 3.0.2.77
  • Hp system_management_homepage 3.0.2.77 B
  • Hp system_management_homepage 6.0
  • Hp system_management_homepage 6.0.0-95
  • Hp system_management_homepage 6.0.0.95
  • Hp system_management_homepage 6.0.0.96
  • Hp system_management_homepage 6.1
  • Hp system_management_homepage 6.1.0.102
  • Hp system_management_homepage 6.1.0-103
  • Hp system_management_homepage 6.1.0.103
  • Hp system_management_homepage 6.2
  • Hp system_management_homepage 6.2
  • Hp system_management_homepage 6.2.0-12
  • Hp system_management_homepage 6.2.2.7
  • Hp system_management_homepage 6.3
  • Hp system_management_homepage
  • Ibm http_server 7.0.0.11
  • Ibm http_server 7.0.0.13
  • Ibm http_server 7.0.0.15
  • Ibm http_server 7.0.0.17
  • Ibm http_server 7.0.0.19
  • Ibm http_server 7.0.0.5
  • Ibm os/400 V5R4M0
  • Ibm os/400 V5R5M0
  • Ibm os/400 V6R1M0
  • Mandriva enterprise_server 5
  • Mandriva enterprise_server 5 X86 64
  • Mandriva linux_mandrake 2009.0
  • Mandriva linux_mandrake 2009.0 X86 64
  • Mandriva linux_mandrake 2010.1
  • Mandriva linux_mandrake 2010.1 X86 64
  • Mandriva linux_mandrake 2011
  • Mandriva linux_mandrake 2011 x86_64
  • Oracle application_server_10g 10.1.3 .5.0 R3
  • Oracle enterprise_linux 4
  • Oracle enterprise_linux 5
  • Oracle enterprise_linux 6
  • Oracle fusion_middleware_11g 11.1.1.5.0 R1
  • Oracle fusion_middleware_11g 11.1.2.0 R2
  • Red_hat enterprise_linux 5 Server
  • Red_hat enterprise_linux Desktop Version 4
  • Red_hat enterprise_linux_as 4
  • Red_hat enterprise_linux_desktop 5 Client
  • Red_hat enterprise_linux_desktop 6
  • Red_hat enterprise_linux_desktop_optional 6
  • Red_hat enterprise_linux_desktop_workstation 5 Client
  • Red_hat enterprise_linux_es 4
  • Red_hat enterprise_linux_hpc_node 6
  • Red_hat enterprise_linux_hpc_node_optional 6
  • Red_hat enterprise_linux_server 6
  • Red_hat enterprise_linux_workstation 6
  • Red_hat enterprise_linux_ws 4
  • Red_hat fedora 15
  • Red_hat fedora 16
  • Red_hat jboss_enterprise_web_server_for_rhel_5_server 1.0.0
  • Red_hat jboss_enterprise_web_server_for_rhel_6 1.0.0
  • Slackware linux 12.0
  • Slackware linux 12.1
  • Slackware linux 12.2
  • Slackware linux 13.0
  • Slackware linux 13.0 X86 64
  • Slackware linux 13.1
  • Slackware linux 13.1 X86 64
  • Slackware linux 13.37
  • Slackware linux 13.37 x86_64
  • Slackware linux -Current
  • Slackware linux X86 64 -Current
  • Ubuntu ubuntu_linux 10.04 Amd64
  • Ubuntu ubuntu_linux 10.04 ARM
  • Ubuntu ubuntu_linux 10.04 I386
  • Ubuntu ubuntu_linux 10.04 Powerpc
  • Ubuntu ubuntu_linux 10.04 Sparc
  • Ubuntu ubuntu_linux 10.10 amd64
  • Ubuntu ubuntu_linux 10.10 ARM
  • Ubuntu ubuntu_linux 10.10 i386
  • Ubuntu ubuntu_linux 10.10 powerpc
  • Ubuntu ubuntu_linux 11.04 amd64
  • Ubuntu ubuntu_linux 11.04 ARM
  • Ubuntu ubuntu_linux 11.04 i386
  • Ubuntu ubuntu_linux 11.04 powerpc
  • Ubuntu ubuntu_linux 11.10 amd64
  • Ubuntu ubuntu_linux 11.10 i386
  • Ubuntu ubuntu_linux 8.04 LTS Amd64
  • Ubuntu ubuntu_linux 8.04 LTS I386
  • Ubuntu ubuntu_linux 8.04 LTS Lpia
  • Ubuntu ubuntu_linux 8.04 LTS Powerpc
  • Ubuntu ubuntu_linux 8.04 LTS Sparc

References

  • BugTraq: 49957
  • CVE: CVE-2011-3368

Site Map
RSS Feeds
Careers
Accessibility
Feedback
Privacy Policy
Legal Notices
Copyright © 1999-2010 Juniper Networks, Inc. All rights reserved.
Help
|
My Account
|
Log Out