Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21, when the Revision 1179239 patch is in place, does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an @ (at sign) character and a : (colon) character in invalid positions. NOTE: this vulnerability exists because of an incomplete fix for CVE-2011-3368.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Apache HTTP Server mod_proxy反向代理模式安全绕过漏洞
Vulnerability Description
Apache HTTP Server是美国阿帕奇(Apache)软件基金会的一款开源网页服务器。该服务器具有快速、可靠且可通过简单的API进行扩充的特点。 Apache HTTP Server 2.x版本中存在漏洞。该漏洞源于Apache HTTP Server在反向代理模式中配置mod_proxy模块时错误地处理了某些Web请求,攻击者可利用该漏洞通过特制的URL向代理后方的服务器发送请求,从而绕过某些安全限制。
CVSS Information
N/A
Vulnerability Type
N/A