CVE-2011-3368

Apache HTTP Server <2.2.22 - SSRF

Description

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.

Exploits (4)

exploitdb WORKING POC VERIFIED
by Rodrigo Marcos · python · remote · multiple
https://www.exploit-db.com/exploits/17969
nomisec WORKING POC 1 stars
by SECFORCE · poc
https://github.com/SECFORCE/CVE-2011-3368
nomisec WORKING POC
by colorblindpentester · poc
https://github.com/colorblindpentester/CVE-2011-3368
metasploit SCANNER
by chao-mu · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/rewrite_proxy_bypass.rb

Scores

EPSS 0.7689
EPSS Percentile 99.0%

Details

CWE
CWE-20
Status published
Products (49)
apache/http_server 1.3
apache/http_server 1.3.0
apache/http_server 1.3.1
apache/http_server 1.3.1.1
apache/http_server 1.3.2
apache/http_server 1.3.3
apache/http_server 1.3.4
apache/http_server 1.3.5
apache/http_server 1.3.6
apache/http_server 1.3.7
... and 39 more
Published Oct 05, 2011
Tracked Since Feb 18, 2026