CVE-2011-3639

Apache HTTP Server <2.0.64, <2.2.18 - SSRF

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2011-3639. PoCs published by Tomas Hoger.

AI-analyzed exploit summary The provided code snippet is a configuration example demonstrating how Apache HTTP Server's RewriteRule and ProxyPassMatch directives can be misconfigured to bypass security restrictions, leading to information disclosure. It does not contain executable exploit code but illustrates the vulnerability described in CVE-2011-3639.

Description

The mod_proxy module in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x before 2.2.18, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers by using the HTTP/0.9 protocol with a malformed URI containing an initial @ (at sign) character. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

Exploits (1)

exploitdb WRITEUP VERIFIED
by Tomas Hoger · textremotelinux
https://www.exploit-db.com/exploits/36663

The provided code snippet is a configuration example demonstrating how Apache HTTP Server's RewriteRule and ProxyPassMatch directives can be misconfigured to bypass security restrictions, leading to information disclosure. It does not contain executable exploit code but illustrates the vulnerability described in CVE-2011-3639.

Classification
Writeup 90%
Attack Type
Info Leak
Complexity
Trivial
Reliability
Theoretical
Target: Apache HTTP Server
No auth needed
Prerequisites: Misconfigured Apache HTTP Server with RewriteRule or ProxyPassMatch directives
mistral-large-3 · analyzed Feb 16, 2026 Full analysis →

References (4)

Core 4
Core References
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=752080
Vendor Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2012-0128.html
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2405

Scores

EPSS 0.5253
EPSS Percentile 98.8%

Details

CWE
CWE-20
Status published
Products (50)
apache/http_server 2.0.11
apache/http_server 2.0.12
apache/http_server 2.0.13
apache/http_server 2.0.14
apache/http_server 2.0.15
apache/http_server 2.0.16
apache/http_server 2.0.17
apache/http_server 2.0.18
apache/http_server 2.0.19
apache/http_server 2.0.20
... and 40 more
Published Nov 30, 2011
Tracked Since Feb 18, 2026