CVE-2011-3368

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2011-3368

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2011-3368.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2011-3368

Related

Published

2011-10-05T22:55:02Z

Modified

2024-06-30T12:01:22Z

Summary

[none]

Details

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

References

Affected packages

Debian:11 / apache2

Package

Name: apache2
Purl: pkg:deb/debian/apache2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.21-2

Ecosystem specific

{
    "urgency": "medium"
}

Debian:12 / apache2

Package

Name: apache2
Purl: pkg:deb/debian/apache2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.21-2

Ecosystem specific

{
    "urgency": "medium"
}

Debian:13 / apache2

Package

Name: apache2
Purl: pkg:deb/debian/apache2?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.21-2

Ecosystem specific

{
    "urgency": "medium"
}