Vulnerability identifier: #VU33695
Vulnerability risk: Medium
CVSSv4.0: 5.5 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:P/U:Green]
CVE-ID:
CWE-ID: CWE-20
Exploitation vector: Network
Exploit availability: Yes
Description
The vulnerability allows a remote non-authenticated attacker to manipulate data.
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
Mitigation
Install the update from the vendor's website.
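Alongside patching, reverse-proxy rules of the two kinds named in the description can be reviewed for loose pattern matches. The following is an added example, not code from this advisory or from the Apache project: it flags `RewriteRule ... [P]` and `ProxyPassMatch` lines whose pattern does not anchor on a leading `/` or whose target has no `/` between the backend host and the substitution. The sample configuration and host names are constructed, and the two checks are a review heuristic assumed here for server or virtual-host context.

```python
import re

# Constructed sample configuration (not taken from the advisory).
SAMPLE_CONF = r"""
<VirtualHost *:80>
    RewriteEngine On
    RewriteRule ^(.*) http://backend.internal.example$1 [P]
    RewriteRule ^/app/(.*) http://backend.internal.example/app/$1 [P,L]
    ProxyPassMatch (.*)\.png$ http://img.internal.example$1.png
    ProxyPassMatch ^/static/(.*)$ http://img.internal.example/static/$1
    RewriteRule ^/old$ /new [R=301]
</VirtualHost>
"""

# Target must put a literal "/" after scheme://host before any $N or %{VAR}.
TARGET_OK = re.compile(r"^[a-z][a-z0-9+.-]*://[^/$%]+/", re.I)

def is_proxy_rule(directive, args):
    """ProxyPassMatch always proxies; RewriteRule only with the P flag."""
    if directive == "proxypassmatch":
        return len(args) >= 2
    if directive == "rewriterule" and len(args) >= 3:
        flags = args[2].strip("[]").split(",")
        return any(f.strip().upper() in ("P", "PROXY") for f in flags)
    return False

def audit(conf_text):
    """Return [(line_number, [reasons])] for proxy rules that need review."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        # Simple whitespace split: assumes patterns contain no quoted spaces.
        parts = [p.strip('"') for p in raw.split()]
        if len(parts) < 3 or not is_proxy_rule(parts[0].lower(), parts[1:]):
            continue
        pattern, target = parts[1], parts[2]
        reasons = []
        if not pattern.startswith("^/"):
            reasons.append("pattern does not anchor on a leading '/'")
        if not TARGET_OK.match(target):
            reasons.append("no '/' between backend host and substitution")
        if reasons:
            findings.append((lineno, reasons))
    return findings

if __name__ == "__main__":
    for lineno, reasons in audit(SAMPLE_CONF):
        print(f"line {lineno}: " + "; ".join(reasons))
```

Rules in per-directory context (`.htaccess`, `<Directory>`) match against a path with the prefix stripped, so findings there need manual review.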
External links
https://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041
https://kb.juniper.net/JSA10585
https://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
https://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
https://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
https://marc.info/?l=bugtraq&m=133294460209056&w=2
https://marc.info/?l=bugtraq&m=134987041210674&w=2
https://rhn.redhat.com/errata/RHSA-2012-0128.html
https://secunia.com/advisories/48551
https://support.apple.com/kb/HT5501
https://thread.gmane.org/gmane.comp.apache.devel/46440
https://www.debian.org/security/2012/dsa-2405
https://www.mandriva.com/security/advisories?name=MDVSA-2012:003
https://www.mandriva.com/security/advisories?name=MDVSA-2013:150
https://www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
https://www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
https://www.securitytracker.com/id?1026353
https://bugzilla.redhat.com/show_bug.cgi?id=756483
https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue
https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7@%3Ccvs.httpd.apache.org%3E
https://lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b@%3Ccvs.httpd.apache.org%3E
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.