Signature Detail

HTTP: Apache HTTP Server Reverse Proxy/Rewrite URL Exploit

This signature detects attempts to exploit a known common configuration flaw with Apache HTTP Server. An attacker can send a malformed request that can bypass common proxy filters and access internal resources.

Extended Description

Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications.

Affected Products

• Apache Software Foundation Apache 2.0.0
• Apache Software Foundation Apache 2.0.0 A9
• Apache Software Foundation Apache 2.0.28
• Apache Software Foundation Apache 2.0.28 Beta
• Apache Software Foundation Apache 2.0.28 -BETA
• Apache Software Foundation Apache 2.0.32
• Apache Software Foundation Apache 2.0.32 -BETA
• Apache Software Foundation Apache 2.0.34 -BETA
• Apache Software Foundation Apache 2.0.35
• Apache Software Foundation Apache 2.0.36
• Apache Software Foundation Apache 2.0.37
• Apache Software Foundation Apache 2.0.38
• Apache Software Foundation Apache 2.0.39
• Apache Software Foundation Apache 2.0.40
• Apache Software Foundation Apache 2.0.41
• Apache Software Foundation Apache 2.0.42
• Apache Software Foundation Apache 2.0.43
• Apache Software Foundation Apache 2.0.44
• Apache Software Foundation Apache 2.0.45
• Apache Software Foundation Apache 2.0.46
• Apache Software Foundation Apache 2.0.47
• Apache Software Foundation Apache 2.0.48
• Apache Software Foundation Apache 2.0.49
• Apache Software Foundation Apache 2.0.50
• Apache Software Foundation Apache 2.0.51
• Apache Software Foundation Apache 2.0.52
• Apache Software Foundation Apache 2.0.53
• Apache Software Foundation Apache 2.0.54
• Apache Software Foundation Apache 2.0.55
• Apache Software Foundation Apache 2.0.56
• Apache Software Foundation Apache 2.0.56 -Dev
• Apache Software Foundation Apache 2.0.57
• Apache Software Foundation Apache 2.0.58
• Apache Software Foundation Apache 2.0.59
• Apache Software Foundation Apache 2.0.60
• Apache Software Foundation Apache 2.0.60-Dev
• Apache Software Foundation Apache 2.0.61
• Apache Software Foundation Apache 2.0.61-Dev
• Apache Software Foundation Apache 2.0.62-Dev
• Apache Software Foundation Apache 2.0.63
• Apache Software Foundation Apache 2.0.64
• Apache Software Foundation Apache 2.0.64-Dev
• Apache Software Foundation Apache 2.0.9
• Apache Software Foundation Apache 2.2
• Apache Software Foundation Apache 2.2.0
• Apache Software Foundation Apache 2.2.1
• Apache Software Foundation Apache 2.2.10
• Apache Software Foundation Apache 2.2.11
• Apache Software Foundation Apache 2.2.12
• Apache Software Foundation Apache 2.2.13
• Apache Software Foundation Apache 2.2.14
• Apache Software Foundation Apache 2.2.15
• Apache Software Foundation Apache 2.2.15-Dev
• Apache Software Foundation Apache 2.2.16
• Apache Software Foundation Apache 2.2.17
• Apache Software Foundation Apache 2.2.18
• Apache Software Foundation Apache 2.2.19
• Apache Software Foundation Apache 2.2.2
• Apache Software Foundation Apache 2.2.20
• Apache Software Foundation Apache 2.2.21
• Apache Software Foundation Apache 2.2.21
• Apache Software Foundation Apache 2.2.3
• Apache Software Foundation Apache 2.2.4
• Apache Software Foundation Apache 2.2.5
• Apache Software Foundation Apache 2.2.5-Dev
• Apache Software Foundation Apache 2.2.6
• Apache Software Foundation Apache 2.2.6-Dev
• Apache Software Foundation Apache 2.2.7-Dev
• Apache Software Foundation Apache 2.2.8
• Apache Software Foundation Apache 2.2.9
• Avaya Aura Experience Portal 6.0
• Debian Linux 6.0 amd64
• Debian Linux 6.0 arm
• Debian Linux 6.0 ia-32
• Debian Linux 6.0 ia-64
• Debian Linux 6.0 mips
• Debian Linux 6.0 powerpc
• Debian Linux 6.0 s/390
• Debian Linux 6.0 sparc
• Gentoo Linux
• HP OpenView Network Node Manager 7.53 - Hp-Ux
• HP OpenView Network Node Manager 7.53 - Linux
• HP OpenView Network Node Manager 7.53 - Solaris
• HP System Management Homepage 3.0.0.64
• HP System Management Homepage 3.0.0-68
• HP System Management Homepage 3.0.0.68
• HP System Management Homepage 3.0.1-73
• HP System Management Homepage 3.0.1.73
• HP System Management Homepage 3.0.2-77
• HP System Management Homepage 3.0.2.77
• HP System Management Homepage 3.0.2.77 B
• HP System Management Homepage 6.0
• HP System Management Homepage 6.0.0-95
• HP System Management Homepage 6.0.0.95
• HP System Management Homepage 6.0.0.96
• HP System Management Homepage 6.1
• HP System Management Homepage 6.1.0.102
• HP System Management Homepage 6.1.0-103
• HP System Management Homepage 6.1.0.103
• HP System Management Homepage 6.2
• HP System Management Homepage 6.2
• HP System Management Homepage 6.2.0-12
• HP System Management Homepage 6.2.2.7
• HP System Management Homepage 6.3
• HP System Management Homepage 7.1
• HP System Management Homepage
• IBM HTTP Server 7.0.0.11
• IBM HTTP Server 7.0.0.13
• IBM HTTP Server 7.0.0.15
• IBM HTTP Server 7.0.0.17
• IBM HTTP Server 7.0.0.19
• IBM HTTP Server 7.0.0.5
• IBM OS/400 V6R1M0
• Mandriva Enterprise Server 5
• Mandriva Enterprise Server 5 X86 64
• Mandriva Linux Mandrake 2010.1
• Mandriva Linux Mandrake 2010.1 X86 64
• Mandriva Linux Mandrake 2011
• Mandriva Linux Mandrake 2011 x86_64
• Oracle Enterprise Linux 6
• Oracle Enterprise Linux 6.2
• Oracle Fusion Middleware 10.1.3.5
• Oracle Fusion Middleware 11.1.1.5.0
• Oracle Fusion Middleware 11.1.1.6
• Oracle Fusion Middleware 11g 11.1.1.1.0 R1
• Oracle Fusion Middleware 11g 11.1.1.2.0 R1
• Oracle Fusion Middleware 11g 11.1.1.3.0 R1
• Oracle Fusion Middleware 11g 11.1.1.4.0 R1
• Oracle Fusion Middleware 11g 11.1.1.5.0 R1
• Oracle Oracle10g Application Server 10.1.3 .5.0
• Oracle Oracle9i Application Server 1.0.2 .2
• Oracle Oracle Fusion Middleware 11g Release 1 11.1.1.5
• Oracle Oracle Fusion Middleware 11g Release 1 11.1.1.5
• Oracle Oracle Fusion Middleware 11g Release 1 11.1.1.6
• Oracle Oracle Fusion Middleware 11g Release 1 11.1.1.6
• Oracle Oracle Fusion Middleware 11g Release 2 11.1.2.0
• Oracle Oracle Fusion Middleware 11g Release 2 11.1.2.0
• Red Hat Enterprise Linux Desktop 6
• Red Hat Enterprise Linux Desktop Optional 6
• Red Hat Enterprise Linux HPC Node 6
• Red Hat Enterprise Linux HPC Node Optional 6
• Red Hat Enterprise Linux Server 6
• Red Hat Enterprise Linux Workstation 6
• Red Hat Fedora 15
• Slackware Linux 12.0
• Slackware Linux 12.1
• Slackware Linux 12.2
• Slackware Linux 13.0
• Slackware Linux 13.0 X86 64
• Slackware Linux 13.1
• Slackware Linux 13.1 X86 64
• Slackware Linux 13.37
• Slackware Linux 13.37 x86_64
• Slackware Linux -Current
• Slackware Linux X86 64 -Current
• Ubuntu Ubuntu Linux 10.04 Amd64
• Ubuntu Ubuntu Linux 10.04 ARM
• Ubuntu Ubuntu Linux 10.04 I386
• Ubuntu Ubuntu Linux 10.04 Powerpc
• Ubuntu Ubuntu Linux 10.04 Sparc
• Ubuntu Ubuntu Linux 10.10 amd64
• Ubuntu Ubuntu Linux 10.10 ARM
• Ubuntu Ubuntu Linux 10.10 i386
• Ubuntu Ubuntu Linux 10.10 powerpc
• Ubuntu Ubuntu Linux 11.04 amd64
• Ubuntu Ubuntu Linux 11.04 ARM
• Ubuntu Ubuntu Linux 11.04 i386
• Ubuntu Ubuntu Linux 11.04 powerpc
• Ubuntu Ubuntu Linux 11.10 amd64
• Ubuntu Ubuntu Linux 11.10 i386
• Ubuntu Ubuntu Linux 8.04 LTS Amd64
• Ubuntu Ubuntu Linux 8.04 LTS I386
• Ubuntu Ubuntu Linux 8.04 LTS Lpia
• Ubuntu Ubuntu Linux 8.04 LTS Powerpc
• Ubuntu Ubuntu Linux 8.04 LTS Sparc

References

• BugTraq: 50802
• CVE: CVE-2011-4317
• URL: https://community.qualys.com/blogs/securitylabs/2011/11/23/apache-reverse-proxy-bypass-issue