Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
BID:50802
Info
| Bugtraq ID: | 50802 |
| Class: | Design Error |
| CVE: | CVE-2011-4317 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 24 2011 12:00AM |
| Updated: | Apr 13 2015 08:23PM |
| Credit: | Prutha Parikh, Qualys |
| Vulnerable: | Xerox FreeFlow Print Server (FFPS) 73.C0.41 Xerox FreeFlow Print Server (FFPS) 73.B3.61 Ubuntu Ubuntu Linux 8.04 LTS sparc Ubuntu Ubuntu Linux 8.04 LTS powerpc Ubuntu Ubuntu Linux 8.04 LTS lpia Ubuntu Ubuntu Linux 8.04 LTS i386 Ubuntu Ubuntu Linux 8.04 LTS amd64 Ubuntu Ubuntu Linux 11.10 i386 Ubuntu Ubuntu Linux 11.10 amd64 Ubuntu Ubuntu Linux 11.04 powerpc Ubuntu Ubuntu Linux 11.04 i386 Ubuntu Ubuntu Linux 11.04 ARM Ubuntu Ubuntu Linux 11.04 amd64 Ubuntu Ubuntu Linux 10.10 powerpc Ubuntu Ubuntu Linux 10.10 i386 Ubuntu Ubuntu Linux 10.10 ARM Ubuntu Ubuntu Linux 10.10 amd64 Ubuntu Ubuntu Linux 10.04 sparc Ubuntu Ubuntu Linux 10.04 powerpc Ubuntu Ubuntu Linux 10.04 i386 Ubuntu Ubuntu Linux 10.04 ARM Ubuntu Ubuntu Linux 10.04 amd64 Slackware Linux x86_64 -current Slackware Linux 13.37 x86_64 Slackware Linux 13.37 Slackware Linux 13.1 x86_64 Slackware Linux 13.1 Slackware Linux 13.0 x86_64 Slackware Linux 13.0 Slackware Linux 12.2 Slackware Linux 12.1 Slackware Linux 12.0 Slackware Linux -current Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux HPC Node 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Oracle Oracle9i Application Server 1.0.2 .2 Oracle Oracle10g Application Server 10.1.3 .5.0 Oracle Fusion Middleware 10.1.3 .5 Oracle Fusion Middleware 11.1.1.5.0 Oracle Enterprise Linux 6.2 Oracle Enterprise Linux 6 Mandriva Linux Mandrake 2011 x86_64 Mandriva Linux Mandrake 2011 Mandriva Linux Mandrake 2010.1 x86_64 Mandriva Linux Mandrake 2010.1 MandrakeSoft Enterprise Server 5 x86_64 MandrakeSoft Enterprise Server 5 Juniper Networks JUNOS 11.1 IBM Storwize V7000 Unified 1.3.1.0 IBM Storwize V7000 Unified 1.3.0.5 IBM Storwize V7000 Unified 1.3.0.0 IBM OS/400 V6R1M0 0 IBM HTTP Server 7.0 .11 IBM HTTP Server 7.0.0.5 IBM HTTP Server 7.0.0.19 IBM HTTP Server 7.0.0.17 IBM HTTP Server 7.0.0.15 IBM HTTP Server 7.0.0.13 HP System Management Homepage 6.2.2 7 HP System Management Homepage 6.0 .96 HP System Management Homepage 3.0.2 .77 HP System Management Homepage 3.0.1 .73 HP System Management Homepage 3.0 .68 HP System Management Homepage 3.0 .64 HP System Management Homepage 7.0 HP System Management Homepage 6.3 HP System Management Homepage 6.2.0-12 HP System Management Homepage 6.2 HP System Management Homepage 6.2 HP System Management Homepage 6.1.0.103 HP System Management Homepage 6.1.0.102 HP System Management Homepage 6.1.0-103 HP System Management Homepage 6.1 HP System Management Homepage 6.0.0.95 HP System Management Homepage 6.0.0-95 HP System Management Homepage 6.0 HP System Management Homepage 3.0.2.77 B HP System Management Homepage 3.0.2-77 HP System Management Homepage 3.0.1-73 HP System Management Homepage 3.0.0-68 HP System Management Homepage 0 HP OpenVMS Secure Web Server 2.2 Gentoo Linux Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Avaya Aura Experience Portal 6.0 Apple Mac Os X Server 10.7.3 Apple Mac Os X Server 10.7.2 Apple Mac Os X Server 10.7.1 Apple Mac Os X Server 10.7 Apple Mac Os X Server 10.6.8 Apple Mac Os X 10.7.4 Apple Mac Os X 10.7.3 Apple Mac Os X 10.7.2 Apple Mac Os X 10.7.1 Apache Software Foundation Apache 2.2.15 Apache Software Foundation Apache 2.2.14 Apache Software Foundation Apache 2.2.13 Apache Software Foundation Apache 2.2.12 Apache Software Foundation Apache 2.2.11 Apache Software Foundation Apache 2.2.10 Apache Software Foundation Apache 2.2.9 Apache Software Foundation Apache 2.2.8 Apache Software Foundation Apache 2.2.6 Apache Software Foundation Apache 2.2.5 Apache Software Foundation Apache 2.2.4 Apache Software Foundation Apache 2.2.3 Apache Software Foundation Apache 2.2.2 Apache Software Foundation Apache 2.2 Apache Software Foundation Apache 2.0.63 Apache Software Foundation Apache 2.0.61 Apache Software Foundation Apache 2.0.60 Apache Software Foundation Apache 2.0.59 Apache Software Foundation Apache 2.0.58 Apache Software Foundation Apache 2.0.57 Apache Software Foundation Apache 2.0.56 -dev Apache Software Foundation Apache 2.0.56 Apache Software Foundation Apache 2.0.55 Apache Software Foundation Apache 2.0.54 Apache Software Foundation Apache 2.0.53 Apache Software Foundation Apache 2.0.52 Apache Software Foundation Apache 2.0.51 Apache Software Foundation Apache 2.0.50 Apache Software Foundation Apache 2.0.49 Apache Software Foundation Apache 2.0.48 Apache Software Foundation Apache 2.0.47 Apache Software Foundation Apache 2.0.46 Apache Software Foundation Apache 2.0.45 Apache Software Foundation Apache 2.0.44 Apache Software Foundation Apache 2.0.43 Apache Software Foundation Apache 2.0.42 Apache Software Foundation Apache 2.0.41 Apache Software Foundation Apache 2.0.40 Apache Software Foundation Apache 2.0.39 Apache Software Foundation Apache 2.0.38 Apache Software Foundation Apache 2.0.37 Apache Software Foundation Apache 2.0.36 Apache Software Foundation Apache 2.0.35 Apache Software Foundation Apache 2.0.34 -BETA Apache Software Foundation Apache 2.0.32 -BETA Apache Software Foundation Apache 2.0.32 Apache Software Foundation Apache 2.0.28 -BETA Apache Software Foundation Apache 2.0.28 Beta Apache Software Foundation Apache 2.0.28 Apache Software Foundation Apache 2.0.9 Apache Software Foundation Apache 2.0 a9 Apache Software Foundation Apache 2.0 Apache Software Foundation Apache 2.2.7-dev Apache Software Foundation Apache 2.2.6-dev Apache Software Foundation Apache 2.2.5-dev Apache Software Foundation Apache 2.2.21 Apache Software Foundation Apache 2.2.21 Apache Software Foundation Apache 2.2.20 Apache Software Foundation Apache 2.2.19 Apache Software Foundation Apache 2.2.18 Apache Software Foundation Apache 2.2.17 Apache Software Foundation Apache 2.2.16 Apache Software Foundation Apache 2.2.15-dev Apache Software Foundation Apache 2.2.1 Apache Software Foundation Apache 2.2 Apache Software Foundation Apache 2.0.64-dev Apache Software Foundation Apache 2.0.64 Apache Software Foundation Apache 2.0.62-dev Apache Software Foundation Apache 2.0.61-dev Apache Software Foundation Apache 2.0.60-dev |
| Not Vulnerable: | IBM HTTP Server 7.0.0.21 HP System Management Homepage 7.0 |
Discussion
Apache HTTP Server is prone to a security-bypass vulnerability.
Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications.
Exploit / POC
An attacker needs to host a malicious web application on the affected webserver.
The following example configuration patterns are affected:
RewriteRule ^(.*) http://www.example.com$1
ProxyPassMatch ^(.*) http://www.example.com$1
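Both patterns above share one defect: the regular expression `^(.*)` does not require the request-URI to begin with `/`, so whatever the client sends is appended directly to `http://www.example.com`, and the back-reference can end up supplying part of the host or port rather than only the path. The configuration-level mitigation is to anchor the pattern on a leading slash (`^/(.*)`) and to keep a `/` between the host and the back-reference in the substitution (`http://www.example.com/$1`), in addition to installing the vendor updates listed under Solution. The script below is an added audit example, not code from the advisory or from the Apache project: it scans an httpd configuration fragment for `RewriteRule` and `ProxyPassMatch` directives whose substitution is an absolute URL and reports those whose pattern does not force a leading slash, then proposes the anchored form. The sample configuration is constructed for the example; the first two directives in it are the patterns quoted above, the others are anchored or non-proxying rules that should not be reported. The "requires a leading slash" test is a heuristic on the regex text, so unusual constructions should still be reviewed by hand.

```python
import re
from typing import List, Tuple

# Constructed sample httpd.conf fragment (not from any real deployment).
# Lines 2 and 3 are the affected patterns quoted in the advisory; line 6 makes
# the slash optional, which is just as bad; the remaining lines are anchored or
# do not proxy at all.
SAMPLE_CONFIG = """\
RewriteEngine On
RewriteRule ^(.*) http://www.example.com$1
ProxyPassMatch ^(.*) http://www.example.com$1
RewriteRule ^/(.*) http://www.example.com/$1 [P]
ProxyPassMatch ^/(.*\\.php)$ http://app.internal:8080/$1
RewriteRule ^/?(.*) http://www.example.com/$1 [P]
RewriteRule ^/old/(.*)$ /new/$1 [R=301]
ProxyPass /api/ http://api.internal/
"""

# directive, pattern, substitution, optional [flags]
DIRECTIVE_RE = re.compile(
    r"^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?\s*$",
    re.IGNORECASE,
)
# substitution is an absolute URL (http://, https://, ajp://, fcgi://, ...)
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.IGNORECASE)


def pattern_requires_leading_slash(pattern: str) -> bool:
    """Heuristic: the regex must be anchored at the start and require a literal
    '/' as the first character of the request-URI. '^/(.*)' passes; '^(.*)',
    '(.*)' and '^/?(.*)' (optional slash) fail."""
    if not pattern.startswith("^/"):
        return False
    return not pattern[2:].startswith(("?", "*"))


def audit_config(text: str) -> List[Tuple[int, str, str, str]]:
    """Return (line_no, directive, pattern, target) for every RewriteRule or
    ProxyPassMatch whose substitution is an absolute URL and whose pattern does
    not force a leading slash. RewriteRule lines are checked whether or not the
    [P] flag is present, because the advisory's own example omits it."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        m = DIRECTIVE_RE.match(line)
        if not m:
            continue
        directive, pattern, target, _flags = m.groups()
        if not SCHEME_RE.match(target):
            continue  # local path substitution, not a rewrite to another host
        if not pattern_requires_leading_slash(pattern):
            findings.append((line_no, directive, pattern, target))
    return findings


def harden(pattern: str, target: str) -> Tuple[str, str]:
    """Suggest the anchored form: require '/' at the start of the pattern and
    put a '/' between the host part of the substitution and the back-reference,
    so the captured text can only ever become a path."""
    body = pattern.lstrip("^")
    if body.startswith("/?"):
        body = body[2:]
    elif body.startswith("/"):
        body = body[1:]
    new_pattern = "^/" + body
    # http://www.example.com$1 -> http://www.example.com/$1 (no-op if '/' present)
    new_target = re.sub(
        r"^([a-z][a-z0-9+.-]*://[^/$]+)(\$)", r"\1/\2", target, flags=re.IGNORECASE
    )
    return new_pattern, new_target


if __name__ == "__main__":
    for line_no, directive, pattern, target in audit_config(SAMPLE_CONFIG):
        fixed_pattern, fixed_target = harden(pattern, target)
        print(f"line {line_no}: {directive} {pattern} {target}")
        print(f"    suggested: {directive} {fixed_pattern} {fixed_target}")
```

Run against a real configuration by reading the file into `audit_config` instead of `SAMPLE_CONFIG`; it is a review aid, not a replacement for the updated packages, since fixed server versions also validate the request-URI themselves.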
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
Slackware Linux 12.2
- Slackware apr-util-1.4.1-i486-1_slack12.2.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/apr-util-1.4.1-i486-1_slack12.2.tgz
- Slackware httpd-2.2.22-i486-1_slack12.2.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-12.2/patches/packages/httpd-2.2.22-i486-1_slack12.2.tgz
Slackware Linux 13.1
- Slackware apr-util-1.4.1-i486-1_slack13.1.txz
  ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/apr-util-1.4.1-i486-1_slack13.1.txz
- Slackware httpd-2.2.22-i486-1_slack13.1.txz
  ftp://ftp.slackware.com/pub/slackware/slackware-13.1/patches/packages/httpd-2.2.22-i486-1_slack13.1.txz
Apple Mac OS X 10.6.8
- Apple SecUpd2012-004.dmg
  For Mac OS X v10.6.8
  http://www.apple.com/support/downloads/
Apple Mac OS X 10.7.3
- Apple MacOSXUpdCombo10.7.5.dmg
  For OS X Lion v10.7 and v10.7.3
  http://www.apple.com/support/downloads/
Slackware Linux x86_64 -current
- Slackware apr-util-1.4.1-x86_64-1.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/l/apr-util-1.4.1-x86_64-1.txz
- Slackware httpd-2.2.22-x86_64-1.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-current/slackware64/n/httpd-2.2.22-x86_64-1.txz
MandrakeSoft Enterprise Server 5
- Mandriva apache-base-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-devel-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-htcacheclean-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mod_authn_dbd-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mod_cache-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mod_dav-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mod_dbd-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mod_deflate-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mod_disk_cache-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mod_file_cache-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mod_ldap-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mod_mem_cache-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mod_proxy-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mod_proxy_ajp-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mod_ssl-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mod_userdir-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-modules-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mpm-event-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mpm-itk-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mpm-peruser-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mpm-prefork-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-mpm-worker-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
- Mandriva apache-source-2.2.9-12.15mdvmes5.2.i586.rpm
  http://www.mandriva.com/en/downloads/
Slackware Linux 13.0 x86_64
- Slackware apr-util-1.4.1-x86_64-1_slack13.0.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/apr-util-1.4.1-x86_64-1_slack13.0.txz
- Slackware httpd-2.2.22-x86_64-1_slack13.0.txz
  ftp://ftp.slackware.com/pub/slackware/slackware64-13.0/patches/packages/httpd-2.2.22-x86_64-1_slack13.0.txz
References
References:
- Apache Homepage (Apache Software Foundation)
- Fix list for IBM HTTP Server Version 7.0 (IBM)
- further proxy/rewrite URL validation security issue (CVE-2011-4317) (Plüm, Rüdiger, VF-Group)
- PM48384: Potential pattern expansion problem when mod_proxy and mod_rewrite are (IBM)
- SE51505 - HTTPSVR - Follow up fix for CVE-2011-4317 (IBM)
- SI46401 - HTTPSVR - Follow up fix for CVE-2011-4317 (IBM)
- Wind River Linux Apache Security Update (WIND00322941 WIND00322939) (Avaya)
- Xerox Security Bulletin XRX12-009 (Xerox)
- 2013-08 Security Bulletin: Junos Space: Multiple Vulnerabilities (Juniper Networks)
- 2014-11 Security Bulletin: CTPView: Multiple Security vulnerabilities resolved b (Juniper)
- Apache HTTP Server Reverse Proxy/Rewrite URL Validation Issue (Prutha Parikh)
- ASA-2012-086 httpd security update (RHSA-2012-0128) (Avaya)
- HPSBMU02748 SSRT100772 rev.1 - HP OpenView Network Node Manager (OV NNM) Running (HP)
- HPSBMU02786 SSRT100877 rev.1 - HP System Management Homepage (SMH) Running on Li (HP)
- HPSBOV02822 SSRT100966 rev.1 - HP Secure Web Server (SWS) for OpenVMS, Remote De (HP)
- Oracle Critical Patch Update Advisory - July 2012 (Oracle)
- Security Bulletin: Storwize V7000 Unified Update Includes Fixes for Multiple Ven (IBM)
- Xerox Security Bulletin XRX13-007 (Xerox)