Nmap Development mailing list archives
[Request for Testers] CVE-2011-3368 "Reverse Proxy Bypass"
From: Gutek <ange.gutek () gmail com>
Date: Mon, 10 Oct 2011 19:54:02 +0200
Hi all,

A few days ago Contextis (1) published a flaw against some Apache webservers. It has been described as "a new type of security vulnerability which can allow full internal system access from the internet from an unauthenticated perspective. This technique exploits insecurely configured reverse web proxies to gain access to internal/DMZ systems. Apache web server is affected by this issue when running in reverse proxy mode"

Attached is an NSE script to reveal this vulnerability.

Unfortunately, I don't have a vulnerable target at hand, hence I've tested against a bunch of -iR. I've found very few vulnerable ones, and that's not enough to be confident with this script. Of course I can't give them here, as I don't want to publicly expose them: that's why I'm calling for testers (2).

The output looks like this:

-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack
-- |_http-reverseproxy-bypass: VULNERABLE to CVE-2011-3368, allows requests to external websites

Thanks!

A.G.

(1) http://www.contextis.com/research/blog/reverseproxybypass/
(2) ...but I'd be happy to give an example privately :)
Attachment:
http-reverseproxy-bypass.nse