Apache HTTP Server CVE-2011-3639 'mod_proxy' Reverse Proxy Security Bypass Vulnerability
BID:51869
Info
| Bugtraq ID: | 51869 |
| Class: | Design Error |
| CVE: | CVE-2011-3639 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 06 2012 12:00AM |
| Updated: | Mar 22 2013 09:46PM |
| Credit: | Tomas Hoger |
| Vulnerable: |
RedHat Enterprise Linux Desktop Workstation 5 client Red Hat Enterprise Linux Workstation 6 Red Hat Enterprise Linux Server 6 Red Hat Enterprise Linux HPC Node Optional 6 Red Hat Enterprise Linux HPC Node 6 Red Hat Enterprise Linux Desktop Optional 6 Red Hat Enterprise Linux Desktop 6 Red Hat Enterprise Linux Desktop 5 client Red Hat Enterprise Linux 5 Server Oracle Enterprise Linux 5 IBM Storwize V7000 Unified 1.3.1.0 IBM Storwize V7000 Unified 1.3.0.5 IBM Storwize V7000 Unified 1.3.0.0 HP System Management Homepage 6.2.2 7 HP System Management Homepage 6.0 .96 HP System Management Homepage 3.0.2 .77 HP System Management Homepage 3.0.1 .73 HP System Management Homepage 3.0 .68 HP System Management Homepage 3.0 .64 HP System Management Homepage 6.3 HP System Management Homepage 6.2.0-12 HP System Management Homepage 6.2 HP System Management Homepage 6.2 HP System Management Homepage 6.1.0.103 HP System Management Homepage 6.1.0.102 HP System Management Homepage 6.1.0-103 HP System Management Homepage 6.1 HP System Management Homepage 6.0.0.95 HP System Management Homepage 6.0.0-95 HP System Management Homepage 6.0 HP System Management Homepage 3.0.2.77 B HP System Management Homepage 3.0.2-77 HP System Management Homepage 3.0.1-73 HP System Management Homepage 3.0.0-68 HP System Management Homepage 0 Debian Linux 6.0 sparc Debian Linux 6.0 s/390 Debian Linux 6.0 powerpc Debian Linux 6.0 mips Debian Linux 6.0 ia-64 Debian Linux 6.0 ia-32 Debian Linux 6.0 arm Debian Linux 6.0 amd64 Avaya Voice Portal 5.1.2 Avaya Voice Portal 5.1.1 Avaya Voice Portal 5.1 SP1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.1 Avaya Voice Portal 5.0 SP2 Avaya Voice Portal 5.0 SP1 Avaya Voice Portal 5.0 Avaya IP Office Application Server 8.0 Avaya IP Office Application Server 7.0 Avaya IP Office Application Server 6.1 Avaya IP Office Application Server 6.0 Avaya Aura Session Manager 6.1.3 Avaya Aura Session Manager 6.1.2 Avaya Aura Session Manager 6.1.1 Avaya Aura Session Manager 6.1 SP2 
Avaya Aura Session Manager 6.1 Sp1 Avaya Aura Session Manager 6.1 Avaya Aura Session Manager 6.0 SP1 Avaya Aura Session Manager 6.0 Avaya Aura Session Manager 5.2 SP2 Avaya Aura Session Manager 5.2 SP1 Avaya Aura Session Manager 5.2 Avaya Aura Session Manager 1.1 Avaya Aura Session Manager 1.0 Avaya Aura Messaging 6.1 Avaya Aura Messaging 6.0.1 Avaya Aura Messaging 6.0 Avaya Aura Experience Portal 6.0 Avaya Aura Communication Manager Utility Services 6.2 Avaya Aura Communication Manager Utility Services 6.1 Avaya Aura Communication Manager Utility Services 6.0 Avaya Aura Communication Manager 6.0.1 Avaya Aura Communication Manager 6.0 Avaya Aura Application Enablement Services 5.2.1 Avaya Aura Application Enablement Services 6.1.1 Avaya Aura Application Enablement Services 6.1 Avaya Aura Application Enablement Services 5.2.3 Avaya Aura Application Enablement Services 5.2.2 Avaya Aura Application Enablement Services 5.2 Apache Software Foundation Apache 2.2.15 Apache Software Foundation Apache 2.2.14 Apache Software Foundation Apache 2.2.13 Apache Software Foundation Apache 2.2.12 Apache Software Foundation Apache 2.2.11 Apache Software Foundation Apache 2.2.10 Apache Software Foundation Apache 2.2.9 Apache Software Foundation Apache 2.2.8 Apache Software Foundation Apache 2.2.6 Apache Software Foundation Apache 2.2.5 Apache Software Foundation Apache 2.2.4 Apache Software Foundation Apache 2.2.3 Apache Software Foundation Apache 2.2.2 Apache Software Foundation Apache 2.2 Apache Software Foundation Apache 2.0.63 Apache Software Foundation Apache 2.0.61 Apache Software Foundation Apache 2.0.60 Apache Software Foundation Apache 2.0.59 Apache Software Foundation Apache 2.0.58 Apache Software Foundation Apache 2.0.57 Apache Software Foundation Apache 2.0.56 -dev Apache Software Foundation Apache 2.0.56 Apache Software Foundation Apache 2.0.55 Apache Software Foundation Apache 2.0.54 Apache Software Foundation Apache 2.0.53 Apache Software Foundation Apache 2.0.52 
Apache Software Foundation Apache 2.0.51 Apache Software Foundation Apache 2.0.50 Apache Software Foundation Apache 2.0.49 Apache Software Foundation Apache 2.0.48 Apache Software Foundation Apache 2.0.47 Apache Software Foundation Apache 2.0.46 Apache Software Foundation Apache 2.0.45 Apache Software Foundation Apache 2.0.44 Apache Software Foundation Apache 2.0.43 Apache Software Foundation Apache 2.0.42 Apache Software Foundation Apache 2.0.41 Apache Software Foundation Apache 2.0.40 Apache Software Foundation Apache 2.0.39 Apache Software Foundation Apache 2.0.38 Apache Software Foundation Apache 2.0.37 Apache Software Foundation Apache 2.0.36 Apache Software Foundation Apache 2.0.35 Apache Software Foundation Apache 2.0.34 -BETA Apache Software Foundation Apache 2.0.32 -BETA Apache Software Foundation Apache 2.0.32 Apache Software Foundation Apache 2.0.28 -BETA Apache Software Foundation Apache 2.0.28 Beta Apache Software Foundation Apache 2.0.28 Apache Software Foundation Apache 2.0.9 Apache Software Foundation Apache 2.0 a9 Apache Software Foundation Apache 2.0 Apache Software Foundation Apache 2.2.7-dev Apache Software Foundation Apache 2.2.6-dev Apache Software Foundation Apache 2.2.5-dev Apache Software Foundation Apache 2.2.21 Apache Software Foundation Apache 2.2.21 Apache Software Foundation Apache 2.2.20 Apache Software Foundation Apache 2.2.19 Apache Software Foundation Apache 2.2.18 Apache Software Foundation Apache 2.2.17 Apache Software Foundation Apache 2.2.16 Apache Software Foundation Apache 2.2.15-dev Apache Software Foundation Apache 2.2.1 Apache Software Foundation Apache 2.2 Apache Software Foundation Apache 2.0.64-dev Apache Software Foundation Apache 2.0.64 Apache Software Foundation Apache 2.0.62-dev Apache Software Foundation Apache 2.0.61-dev Apache Software Foundation Apache 2.0.60-dev |
| Not Vulnerable: | HP System Management Homepage 7.0 |
Discussion
Apache HTTP Server is prone to a security-bypass vulnerability in mod_proxy when it is used as a reverse proxy. The check added in 2.2.21 (revision 1179239) to address CVE-2011-3368 is incomplete: a request whose URI carries '@' and ':' characters in positions the check does not reject is still concatenated onto a RewriteRule or ProxyPassMatch target that has no slash after the host name, so the request-URI ends up deciding which backend host receives the request.
Successful exploits allow remote attackers to bypass the intended proxy restrictions, reach intranet hosts behind the reverse proxy that were never meant to be exposed, and thereby obtain sensitive information about the web applications running on them.
Exploit / POC
No attacker-controlled content on the affected server is needed; the attack is a single crafted HTTP request to the reverse proxy. What must be present is a reverse-proxy rule whose substitution places a back-reference directly after the target host, with no slash in between, so that whatever follows the matched prefix in the request-URI is appended straight onto the host part of the proxied URL. The following configuration patterns are affected (the [P] flag is what hands a RewriteRule substitution to mod_proxy; without it the rule is a redirect, not a proxy):
RewriteRule ^(.*) http://www.example.com$1 [P]
ProxyPassMatch ^(.*) http://www.example.com$1
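The practical check an administrator wants is whether any proxying rule in an httpd configuration has this shape. The script below is an added example, not code from the page or from the Apache project: it walks a configuration fragment, picks out ProxyPassMatch directives and RewriteRule directives carrying the P/proxy flag, and flags any target whose authority part (host, or host:port) is immediately followed by a $N or %N back-reference. It also produces the corrected target for the common case, which is simply the same URL with a slash between the host and the back-reference. The configuration text is constructed for the example; the directive names, flag names and back-reference syntax are Apache's own, while the function names and the Finding type are this example's.

```python
import re
import shlex
from dataclasses import dataclass

# Absolute target URL: scheme://authority followed by whatever the admin wrote next.
# The authority stops at '/', whitespace, or the first back-reference character.
_TARGET_RE = re.compile(
    r'^(?P<scheme>[a-z][a-z0-9+.-]*)://(?P<authority>[^/\s$%]+)(?P<rest>.*)$', re.I)
# A mod_rewrite / mod_proxy back-reference: $1..$9 or %1..%9.
_BACKREF_RE = re.compile(r'[$%][0-9]')


@dataclass
class Finding:
    lineno: int
    directive: str
    target: str
    reason: str


def target_is_unsafe(target):
    """Return a reason string if the target lets the request-URI extend the authority, else None."""
    m = _TARGET_RE.match(target)
    if not m:
        return None  # relative or non-URL target: not a reverse-proxy substitution
    # Everything between the authority and the first '/' is still part of the authority
    # (e.g. ':$1' would let the request choose the port); a back-reference there is the bug.
    authority_tail = m.group('rest').split('/', 1)[0]
    if _BACKREF_RE.search(authority_tail):
        return 'back-reference follows the host with no slash; request-URI controls the backend'
    return None


def hardened_target(target):
    """Corrected target for the common case (back-reference right after the host), else None."""
    m = _TARGET_RE.match(target)
    if not m or not _BACKREF_RE.match(m.group('rest')):
        return None
    return f"{m.group('scheme')}://{m.group('authority')}/{m.group('rest')}"


def _is_proxy_rewrite(flags):
    """True if a RewriteRule flag string such as '[P,L]' hands the result to mod_proxy."""
    names = [f.strip().lower() for f in flags.strip('[]').split(',')]
    return any(name in ('p', 'proxy') for name in names)


def find_unsafe_proxy_rules(conf_text):
    """Scan httpd configuration text and return Finding objects for unsafe proxy rules."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        try:
            parts = shlex.split(line)  # handles double-quoted arguments
        except ValueError:
            continue  # unbalanced quotes: not something httpd would load either
        name = parts[0].lower()
        if name == 'proxypassmatch' and len(parts) >= 3:
            target = parts[2]
        elif name == 'rewriterule' and len(parts) >= 3:
            flags = parts[3] if len(parts) > 3 else ''
            if not _is_proxy_rewrite(flags):
                continue  # redirect or internal rewrite, never reaches mod_proxy
            target = parts[2]
        else:
            continue
        reason = target_is_unsafe(target)
        if reason:
            findings.append(Finding(lineno, parts[0], target, reason))
    return findings


# Constructed sample configuration for the example; not taken from any real deployment.
SAMPLE_CONF = """\
# sample reverse-proxy fragment
RewriteEngine On
RewriteRule ^(.*) http://www.example.com$1 [P]
ProxyPassMatch ^(.*) http://www.example.com$1
ProxyPassMatch ^/app/(.*) http://app.internal.example/$1
RewriteRule ^/old/(.*) http://www.example.com$1 [R=301,L]
ProxyPass /static/ http://static.internal.example/
"""

if __name__ == '__main__':
    for f in find_unsafe_proxy_rules(SAMPLE_CONF):
        fix = hardened_target(f.target) or '(rewrite the target by hand)'
        print(f"line {f.lineno}: {f.directive} {f.target}: {f.reason}; use {fix}")
```

Only the two rules from the advisory are reported; the rule that already has a slash after the host, the 301 redirect (no P flag) and the plain ProxyPass are left alone. When applying the hardened target, pair it with a pattern that consumes the leading slash, such as ^/(.*), so the proxied path does not start with a doubled slash.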
Solution / Fix
Solution:
Updates are available; this issue is fixed in Apache HTTP Server 2.2.22, and vendor updates are listed in the references below. Until the update is applied, the affected configurations can be corrected directly: make sure the target URL of every ProxyPassMatch and proxying RewriteRule has a slash after the host name, before any back-reference (for example http://www.example.com/$1 rather than http://www.example.com$1).
References
References:
- Apache Homepage (Apache Software Foundation)
- Apache HTTP Server Reverse Proxy/Rewrite URL Validation Issue (Prutha Parikh)
- ASA-2012-086 httpd security update (RHSA-2012-0128) (Avaya)
- ASA-2012-127: httpd security update (RHSA-2012-0323) (Avaya)