5
CVSSv2

CVE-2011-3368

Published: 05/10/2011 Updated: 21/11/2024

Vulnerability Summary

The mod_proxy module in the Apache HTTP Server 1.3.x up to and including 1.3.42, 2.0.x up to and including 2.0.64, and 2.2.x up to and including 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote malicious users to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server 1.3

apache http server 1.3.0

apache http server 1.3.1

apache http server 1.3.1.1

apache http server 1.3.2

apache http server 1.3.3

apache http server 1.3.4

apache http server 1.3.5

apache http server 1.3.6

apache http server 1.3.7

apache http server 1.3.8

apache http server 1.3.9

apache http server 1.3.10

apache http server 1.3.11

apache http server 1.3.12

apache http server 1.3.13

apache http server 1.3.14

apache http server 1.3.15

apache http server 1.3.16

apache http server 1.3.17

apache http server 1.3.18

apache http server 1.3.19

apache http server 1.3.20

apache http server 1.3.22

apache http server 1.3.23

apache http server 1.3.24

apache http server 1.3.25

apache http server 1.3.26

apache http server 1.3.27

apache http server 1.3.28

apache http server 1.3.29

apache http server 1.3.30

apache http server 1.3.31

apache http server 1.3.32

apache http server 1.3.33

apache http server 1.3.34

apache http server 1.3.35

apache http server 1.3.36

apache http server 1.3.37

apache http server 1.3.38

apache http server 1.3.39

apache http server 1.3.41

apache http server 1.3.42

apache http server 1.3.65

apache http server 1.3.68

apache http server 2.0

apache http server 2.0.9

apache http server 2.0.28

apache http server 2.0.32

apache http server 2.0.34

apache http server 2.0.35

apache http server 2.0.36

apache http server 2.0.37

apache http server 2.0.38

apache http server 2.0.39

apache http server 2.0.40

apache http server 2.0.41

apache http server 2.0.42

apache http server 2.0.43

apache http server 2.0.44

apache http server 2.0.45

apache http server 2.0.46

apache http server 2.0.47

apache http server 2.0.48

apache http server 2.0.49

apache http server 2.0.50

apache http server 2.0.51

apache http server 2.0.52

apache http server 2.0.53

apache http server 2.0.54

apache http server 2.0.55

apache http server 2.0.56

apache http server 2.0.57

apache http server 2.0.58

apache http server 2.0.59

apache http server 2.0.60

apache http server 2.0.61

apache http server 2.0.63

apache http server 2.0.64

apache http server 2.2.0

apache http server 2.2.1

apache http server 2.2.2

apache http server 2.2.3

apache http server 2.2.4

apache http server 2.2.6

apache http server 2.2.8

apache http server 2.2.9

apache http server 2.2.10

apache http server 2.2.11

apache http server 2.2.12

apache http server 2.2.13

apache http server 2.2.14

apache http server 2.2.15

apache http server 2.2.16

apache http server 2.2.18

apache http server 2.2.19

apache http server 2.2.20

apache http server 2.2.21

Vendor Advisories

Synopsis Moderate: httpd security update Type/Severity Security Advisory: Moderate Topic Updated httpd packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 6The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerability S ...
Synopsis Moderate: httpd security and bug fix update Type/Severity Security Advisory: Moderate Topic Updated httpd packages that fix multiple security issues and one bug arenow available for JBoss Enterprise Web Server 102 for Red Hat EnterpriseLinux 5 and 6The Red Hat Security Response Team has rated th ...
Synopsis Moderate: httpd security update Type/Severity Security Advisory: Moderate Topic Updated httpd packages that fix multiple security issues are now availablefor Red Hat Enterprise Linux 5The Red Hat Security Response Team has rated this update as having moderatesecurity impact Common Vulnerability S ...
Multiple vulnerabilities and a regression were fixed in the Apache HTTP server ...
It was discovered that the Apache HTTP Server did not properly validate the request URI for proxied requests In certain configurations, if a reverse proxy used the ProxyPassMatch directive, or if it used the RewriteRule directive with the proxy flag, a remote attacker could make the proxy connect to an arbitrary server, possibly disclosing sensiti ...

Exploits

#!/usr/bin/env python import socket import string import getopt, sys known_ports = [0,21,22,23,25,53,69,80,110,137,139,443,445,3306,3389,5432,5900,8080] def send_request(url, apache_target, apache_port, internal_target, internal_port, resource): get = "GET " + url + "@" + internal_target + ":" + internal_port + "/" + resource + " HTTP/11\r\ ...
The mod_proxy module in the Apache HTTP Server 13x through 1342, 20x through 2064, and 22x through 2221 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an i ...
Context discovered a security vulnerability which allows for Apache in reverse proxy mode to be used to access internal/DMZ systems due to a weakness in its handling of URLs being processed by mod_rewrite Versions 13 and 2x are affected ...

Nmap Scripts

http-vuln-cve2011-3368

Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests:

nmap --script http-vuln-cve2011-3368 <targets>

PORT STATE SERVICE 80/tcp open http | http-vuln-cve2011-3368: | VULNERABLE: | Apache mod_proxy Reverse Proxy Security Bypass | State: VULNERABLE | IDs: CVE:CVE-2011-3368 OSVDB:76079 | Description: | An exposure was reported affecting the use of Apache HTTP Server in | reverse proxy mode. The exposure could inadvertently expose internal | servers to remote users who send carefully crafted requests. | Disclosure date: 2011-10-05 | Extra information: | Proxy allows requests to external websites | References: | http://osvdb.org/76079 |_ http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
http-vuln-cve2011-3368

Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests:

nmap --script http-vuln-cve2011-3368 <targets>

PORT STATE SERVICE 80/tcp open http | http-vuln-cve2011-3368: | VULNERABLE: | Apache mod_proxy Reverse Proxy Security Bypass | State: VULNERABLE | IDs: CVE:CVE-2011-3368 BID:49957 | Description: | An exposure was reported affecting the use of Apache HTTP Server in | reverse proxy mode. The exposure could inadvertently expose internal | servers to remote users who send carefully crafted requests. | Disclosure date: 2011-10-05 | Extra information: | Proxy allows requests to external websites | References: | https://www.securityfocus.com/bid/49957 |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368

Github Repositories

PoC Scan. (cve-2011-3368)

CVE-2011-3368 PoC Exploit (cve-2011-3368) Install: git clone githubcom/colorblindpentester/CVE-2011-3368 cd CVE-2011-3368 python2 CVE-2011-3368py Tested on: OS X (macos) Parrot OS Kali linux

TL Pentest a rendre le 14 fevrier

PenTest Root/kali 14 fevrier Outils: Metasploit: open source Pen Testing tool, containing nmap, 1500 exploits Armitage: interface graphique pour Metasploit Kali CVE Metasploit msfconsole to launch show exploits / use &lt;path/to/exploit&gt; / show options nmap -A -p- -T4 VM Ip Adress 192168562 msfvenom: tool to create viruses exploit: code pour s'introduire d