PROBLEM:
Apache mod_proxy Pattern Matching Bug Lets Remote Users Access Internal Servers.
PLATFORM:
Apache HTTP Server 1.3.x, 2.2.21 and prior versions
ABSTRACT:
A remote user can access internal servers.
REFERENCE LINKS:
The Apache HTTP Server Project
SecurityTracker Alert ID: 1026144
CVE-2011-3368
IMPACT ASSESSMENT:
High
DISCUSSION:
A vulnerability was reported in Apache mod_proxy. When the server is configured in reverse proxy mode and uses the RewriteRule or ProxyPassMatch directives with a pattern match, a remote user can send a specially crafted request to access internal servers.
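An added example, not part of the original advisory or the Apache project's code: a configuration audit that flags RewriteRule [P] and ProxyPassMatch lines whose proxy target places a backreference directly after the host name, so matched request text is not confined to the URL path. The sample config, host names and function names are constructed, and the check assumes unquoted, single-line directives.

```python
import re

# Constructed sample config (host names are placeholders, not from the advisory).
SAMPLE = r"""# reverse proxy rules
RewriteEngine On
RewriteRule (.*)\.(jpg|gif|png) http://images.internal.example$1.$2 [P]
ProxyPassMatch ^(.*)$ http://app.internal.example:8080$1
RewriteRule ^/(.*)\.(jpg|gif|png)$ http://images.internal.example/$1.$2 [P]
ProxyPassMatch ^/(.*)$ http://app.internal.example:8080/$1
RewriteRule ^/old/(.*) /new/$1 [R=301,L]
"""

# directive, match pattern, substitution target, optional trailing flags
DIRECTIVE = re.compile(
    r"^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)(?:\s+(.*))?$", re.I)
# scheme://authority followed directly by a backreference, no "/" in between
BACKREF_IN_AUTHORITY = re.compile(r"^[a-z][a-z0-9+.-]*://[^/$]*\$\d", re.I)

def is_proxying(directive, flags):
    """ProxyPassMatch always proxies; RewriteRule only with the P/proxy flag."""
    if directive.lower() == "proxypassmatch":
        return True
    m = re.search(r"\[([^\]]*)\]", flags or "")
    names = [f.split("=")[0].strip().lower() for f in m.group(1).split(",")] if m else []
    return "p" in names or "proxy" in names

def audit(config_text):
    """Return (line number, directive, target, pattern_requires_slash) per finding."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comments and unrelated directives never match
        directive, pattern, target, flags = m.groups()
        if is_proxying(directive, flags) and BACKREF_IN_AUTHORITY.match(target):
            requires_slash = pattern.lstrip("^").startswith("/")
            findings.append((lineno, directive, target, requires_slash))
    return findings

if __name__ == "__main__":
    for lineno, directive, target, requires_slash in audit(SAMPLE):
        print(f"line {lineno}: {directive} -> {target} "
              f"(pattern requires leading '/': {requires_slash})")
```

Lines 5 and 6 of the sample show the form the audit accepts: the pattern requires a leading "/" and the target separates host and backreference with "/".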
IMPACT:
A remote user can access internal servers.
SOLUTION:
The vendor has issued a patch for version 2.2.21.
Apache 2.2.21 (released 2011-09-13)