CVE-2011-3368
Description
The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
Risk Information
Base Score
9.1
MODERATE
Vector
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
EPSS Score
Exploitation Probability
78.613
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Update Apache to version 1.3.42 | Windows |
| Vulnerabilities CVE-2011-3368 are fixed in Apache 2.0.65 | Windows |
| Multiple vulnerabilities are affected in Oracle HTTP Server 5.0 | Windows |
| Multiple vulnerabilities are fixed in OS X Lion Update 10.7.5 (Client) | Mac |
| Multiple vulnerabilities are fixed in OS X Lion Update 10.7.5 (Client Combo) | Mac |
| apache2 regression update(DSA-3325-2) apache2_2.2.22-13+deb7u6_i386.deb | Linux |
| Update Apache to version 1.3.42 (For Linux) | Linux |
| Improper Input Validation Vulnerability (CVE-2011-3368) | NCM |
Patch Details
Click to see the patches provided by ManageEngine for this CVE
| Patch ID | Patch Description |
|---|---|
| PATCH-600003 | OS X Lion Update 10.7.5 (Client) |
| PATCH-600004 | OS X Lion Update 10.7.5 (Client Combo) |
References
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234