CVE-2011-3368

Source
https://nvd.nist.gov/vuln/detail/CVE-2011-3368
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-3368.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2011-3368
Related
Published
2011-10-05T22:55:02Z
Modified
2024-06-30T12:01:22Z
Summary
[none]
Details

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

References

Affected packages

Debian:11 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.21-2

Ecosystem specific

{
    "urgency": "medium"
}

Debian:12 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.21-2

Ecosystem specific

{
    "urgency": "medium"
}

Debian:13 / apache2

Package

Name
apache2
Purl
pkg:deb/debian/apache2?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.2.21-2

Ecosystem specific

{
    "urgency": "medium"
}