CVE-2011-3368

Apache HTTP Server 1.3.x-1.3.42, 2.0.x-2.0.64, 2.2.x-2.2.21 SSRF via Malformed URI with @


Exploitation Summary

EIP tracks 4 public exploits for CVE-2011-3368. PoCs published by Rodrigo Marcos, SECFORCE, colorblindpentester, including Metasploit module auxiliary/scanner/http/rewrite_proxy_bypass.

AI-analyzed exploit summary: This exploit leverages CVE-2011-3368, an SSRF vulnerability in Apache HTTP Server, to scan internal ports or retrieve resources from internal hosts by crafting malicious HTTP requests with the '@' character to bypass access controls.

Description

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
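An added audit helper (not from the page, EIP, or the Apache project) that shows why the leading slash in a RewriteRule pattern decides whether an @-prefixed request-URI can alter the host mod_proxy connects to; the rule strings, the backend name and the probe host are assumed for illustration.

```python
"""Audit helper: does a reverse-proxy RewriteRule let the request-URI
reach the authority part of the target URL? (Added example, not page code.)"""
import re
from urllib.parse import urlsplit

# Assumed illustrative rules, not taken from the page or any real config.
# Unsafe: the capture starts at ^, so a request-URI that does not begin
# with "/" is glued directly onto "http://backend.internal", where an
# initial "@" turns the intended backend into user-info and what follows
# the "@" into the real host.
UNSAFE_RULE = (r"^(.*)", "http://backend.internal$1")
# Safe: the capture begins only after a literal "/", so the request-URI
# can never reach the authority part of the target; a URI starting with
# "@" simply does not match and is not proxied.
SAFE_RULE = (r"^/(.*)", "http://backend.internal/$1")


def rewrite(rule, request_uri):
    """Expand a (pattern, substitution) rule the way mod_rewrite fills $1.
    Returns the target URL, or None when the pattern does not match."""
    pattern, subst = rule
    match = re.match(pattern, request_uri)
    if match is None:
        return None
    return subst.replace("$1", match.group(1))


def proxied_host(target_url):
    """Host mod_proxy would actually open a connection to."""
    return urlsplit(target_url).hostname


def rule_is_safe(rule, intended_host="backend.internal"):
    """True when no request-URI beginning with "@" can move the connection
    away from the intended backend. The probe URI is constructed and uses
    a reserved .invalid name so it never resolves."""
    probe = "@probe.invalid/"
    target = rewrite(rule, probe)
    if target is None:
        return True          # request-URI rejected by the pattern itself
    return proxied_host(target) == intended_host


if __name__ == "__main__":
    for name, rule in (("UNSAFE_RULE", UNSAFE_RULE), ("SAFE_RULE", SAFE_RULE)):
        print(name, "->", rewrite(rule, "@probe.invalid/"),
              "safe" if rule_is_safe(rule) else "UNSAFE")
```

On a server that cannot be upgraded, the same check can be enforced in configuration by rejecting any request-URI that does not begin with a slash before the proxy rule runs, e.g. RewriteCond %{REQUEST_URI} !^/ followed by RewriteRule .* - [R=400,L] (assumed workaround in standard mod_rewrite syntax, not quoted from the page).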

Exploits (4)

exploitdb · Working PoC · Verified
by Rodrigo Marcos · python · remote · multiple
https://www.exploit-db.com/exploits/17969

This exploit leverages CVE-2011-3368, an SSRF vulnerability in Apache HTTP Server, to scan internal ports or retrieve resources from internal hosts by crafting malicious HTTP requests with the '@' character to bypass access controls.

Classification: Working PoC (95%)
Attack Type: SSRF
Complexity: Moderate
Reliability: Reliable
Target: Apache HTTP Server (versions affected by CVE-2011-3368)
No auth needed
Prerequisites: Network access to the vulnerable Apache server · Apache server configured to allow proxy requests or misconfigured access controls
devstral-2 · analyzed Feb 16, 2026

nomisec · Working PoC · 1 star
by SECFORCE · poc
https://github.com/SECFORCE/CVE-2011-3368

This PoC exploits CVE-2011-3368, an SSRF vulnerability in Apache HTTP Server, allowing an attacker to scan internal ports or retrieve resources from internal hosts via crafted HTTP requests. The script sends requests with a malformed URL to bypass access controls and probe internal services.

Classification: Working PoC (95%)
Attack Type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: Apache HTTP Server (versions affected by CVE-2011-3368)
No auth needed
Prerequisites: Network access to the vulnerable Apache server · Apache server configured to allow the malformed URL syntax
devstral-2 · analyzed Feb 16, 2026

nomisec · Working PoC
by colorblindpentester · poc
https://github.com/colorblindpentester/CVE-2011-3368

This PoC exploits CVE-2011-3368, an HTTP reverse proxy vulnerability in Apache HTTP Server, allowing internal port scanning and resource retrieval via crafted HTTP requests. It sends requests to an Apache server to probe internal hosts and ports, leveraging the vulnerability to bypass access controls.

Classification: Working PoC (95%)
Attack Type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: Apache HTTP Server (versions affected by CVE-2011-3368)
No auth needed
Prerequisites: Access to a vulnerable Apache HTTP Server instance · Network connectivity to the target server
devstral-2 · analyzed Feb 16, 2026

metasploit · Scanner
by chao-mu · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb

This Metasploit module scans for poorly configured Apache reverse proxy servers by attempting to bypass rewrite rules using an escape sequence and injected URI. It checks for vulnerability by comparing baseline and test status codes, flagging a 502 response as a potential bypass.

Classification: Scanner (100%)
Attack Type: SSRF
Complexity: Trivial
Reliability: Reliable
Target: Apache with mod_rewrite
No auth needed
Prerequisites: Access to the target server's HTTP/HTTPS service
devstral-2 · analyzed Feb 16, 2026

References (55)

Core references (55; those listed below)
Mailing list, vendor advisory (Apple): http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
Vendor advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2012-0543.html
Vendor advisory (Red Hat): http://rhn.redhat.com/errata/RHSA-2012-0542.html
Exploit, patch, mailing list: http://web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
Mailing list, vendor advisory (HP): http://marc.info/?l=bugtraq&m=134987041210674&w=2
Mailing list (Full Disclosure): http://seclists.org/fulldisclosure/2011/Oct/273
Vendor advisory (Red Hat): http://www.redhat.com/support/errata/RHSA-2011-1391.html
Third-party advisory (Secunia): http://secunia.com/advisories/46288
Third-party advisory, VDB entry (OSVDB): http://osvdb.org/76079
Exploit, third-party advisory (Exploit-DB): http://www.exploit-db.com/exploits/17969
Mailing list, vendor advisory (HP): http://marc.info/?l=bugtraq&m=133294460209056&w=2
Third-party advisory, VDB entry (BID): http://www.securityfocus.com/bid/49957
Vendor advisory (confirm): http://support.apple.com/kb/HT5501
Third-party advisory, VDB entry (IBM X-Force): https://exchange.xforce.ibmcloud.com/vulnerabilities/70336
Exploit, patch (confirm): https://bugzilla.redhat.com/show_bug.cgi?id=740045
Third-party advisory, VDB entry (SecurityTracker): http://www.securitytracker.com/id?1026144
Vendor advisory (Red Hat): http://www.redhat.com/support/errata/RHSA-2011-1392.html
Mailing list (Full Disclosure): http://seclists.org/fulldisclosure/2011/Oct/232
Mailing list, vendor advisory (SUSE): http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
Vendor advisory (Mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2011:144
Mailing list, vendor advisory (SUSE): http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
Vendor advisory (Mandriva): http://www.mandriva.com/security/advisories?name=MDVSA-2013:150
Third-party advisory (Secunia): http://secunia.com/advisories/46414
Third-party advisory (Secunia): http://secunia.com/advisories/48551
Third-party advisory, vendor advisory (Debian): http://www.debian.org/security/2012/dsa-2405
Vendor advisory (confirm): http://kb.juniper.net/JSA10585

Scores

EPSS: 0.7254
EPSS Percentile: 98.8%

Details

CWE: CWE-20 (Improper Input Validation)
Status: published
Products (49)
apache/http_server 1.3
apache/http_server 1.3.0
apache/http_server 1.3.1
apache/http_server 1.3.1.1
apache/http_server 1.3.2
apache/http_server 1.3.3
apache/http_server 1.3.4
apache/http_server 1.3.5
apache/http_server 1.3.6
apache/http_server 1.3.7
... and 39 more
Published: Oct 05, 2011
Tracked Since: Feb 18, 2026