Main Vulnerability Database Exploits ID:3684 - Exploit for Input validation error - CVE-2011-3368

ID:3684 - Exploit for Input validation error - CVE-2011-3368

Published: August 4, 2020

Vulnerability identifier: #VU33694

Vulnerability risk: Medium

CVE-ID: CVE-2011-3368

CWE-ID: CWE-20

Exploitation vector: Remote access

Vulnerable software:

Link to public exploit:

https://www.rapid7.com/db/modules/auxiliary/scanner/http/rewrite_proxy_bypass

Vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

Remediation

Install update from vendor's website.

ID:3684 - Exploit for Input validation error - CVE-2011-3368

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human