CVE-2011-4317

Apache HTTP Server <2.2.22 - SSRF

Title source: llm

Description

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Prutha Parikh · textremotelinux

https://www.exploit-db.com/exploits/36352

View Code ZIP pw:eip

References (33)

[Mailing List] http://lists.apple.com/archives/security-announce/2012/Sep/msg00004.html

[Vendor Advisory] http://rhn.redhat.com/errata/RHSA-2012-0128.html

[Vendor Advisory] http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c03360041

[Vendor Advisory] http://kb.juniper.net/JSA10585

[Mailing List] http://lists.opensuse.org/opensuse-updates/2013-02/msg00009.html

[Mailing List] http://lists.opensuse.org/opensuse-updates/2013-02/msg00012.html

[Mailing List] http://marc.info/?l=bugtraq&m=133294460209056&w=2

[Mailing List] http://marc.info/?l=bugtraq&m=134987041210674&w=2

[Third Party Advisory] http://secunia.com/advisories/48551

[Exploit] http://thread.gmane.org/gmane.comp.apache.devel/46440

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2012:003

[Vendor Advisory] http://www.mandriva.com/security/advisories?name=MDVSA-2013:150

[Third Party Advisory, VDB Entry] http://www.securitytracker.com/id?1026353

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=756483

[Exploit] https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue

[Mailing List] https://lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r05b5357d1f6bd106f41541ee7d87aafe3f5ea4dc3e9bde5ce09baff8%40%3Ccvs.httpd.apache.org%3E

[Mailing List] https://lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E

[Third Party Advisory] http://www.debian.org/security/2012/dsa-2405

... and 13 more

Scores

EPSS 0.8192

EPSS Percentile 99.2%

Details

CWE

CWE-20

Status published

Products (49)

apache/http_server 1.3

apache/http_server 1.3.0

apache/http_server 1.3.1

apache/http_server 1.3.1.1

apache/http_server 1.3.2

apache/http_server 1.3.3

apache/http_server 1.3.4

apache/http_server 1.3.5

apache/http_server 1.3.6

apache/http_server 1.3.7

... and 39 more

Published Nov 30, 2011

Tracked Since Feb 18, 2026