PROBLEM:
A vulnerability was reported in Apache. A remote user can access internal servers.
PLATFORM:
Apache HTTP Server Service
ABSTRACT:
Apache mod_proxy/mod_rewrite Bug Lets Remote Users Access Internal Servers.
REFERENCE LINKS:
SecurityTracker Alert ID: 1026353
Apache HTTP Server 2.2.21 Released
CVE-2011-4317
Apache HTTP Security
IMPACT ASSESSMENT:
Medium
Discussion:
When Apache HTTP Server is configured in reverse proxy mode and uses the RewriteRule or ProxyPassMatch directives with a pattern match, a remote user can send a specially crafted request to access internal servers.
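An added example, not part of the original advisory or Apache's own code: a small Python audit that lists the RewriteRule [P] and ProxyPassMatch pattern rules described above so they can be reviewed on a server that has not yet been updated. The sample configuration and its hostnames are constructed, and treating a backreference appended to the backend host with no "/" as the highest-priority finding is an assumption of this example.

```python
import re

# Constructed sample vhost fragment (hostnames are placeholders, not from the advisory).
SAMPLE = r"""RewriteEngine On
RewriteRule ^(.*)$ http://app.internal.example$1 [P]
RewriteRule ^/(.*)$ http://app.internal.example/$1 [P,L]
RewriteRule ^/old/(.*)$ /new/$1 [R=301,L]
ProxyPassMatch ^(/.*\.gif)$ http://img.internal.example$1
ProxyPassMatch ^/(.*\.png)$ http://img.internal.example/$1
"""

# directive, pattern, target, optional [flags] (quoted arguments are not handled)
DIRECTIVE = re.compile(
    r'^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?', re.I)
# Backend URL whose backreference follows the host with no "/" in between
# (assumed here to be the form most in need of review).
NO_SLASH = re.compile(r'^https?://[^/$]*\$\d', re.I)


def audit(config_text):
    """Return (line number, directive, verdict) for each proxying pattern rule."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)  # comment lines start with '#' and never match
        if not m:
            continue
        name, _pattern, target, flags = m.groups()
        if name.lower() == 'rewriterule':
            # Only RewriteRule lines that hand off to mod_proxy via [P] / [proxy].
            flagset = {f.strip().split('=')[0].lower()
                       for f in (flags or '').split(',')}
            if not flagset & {'p', 'proxy'}:
                continue
        if not target.lower().startswith(('http://', 'https://')):
            continue
        verdict = 'missing-slash' if NO_SLASH.match(target) else 'review'
        findings.append((lineno, name, verdict))
    return findings


if __name__ == '__main__':
    for lineno, name, verdict in audit(SAMPLE):
        print(f'line {lineno}: {name}: {verdict}')
```

Rules reported as "review" still match the condition in the advisory (a proxying directive with a pattern match); the check only orders the findings and does not replace applying the vendor update.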
Impact:
Host/resource access via network.
A remote user can access internal servers.
Solution:
Restrict access to trusted users only.
Apache HTTP Released Updates