CERT mailing list archives
Current Activity - Apache HTTP Server Reverse Proxy Bypass
From: Current Activity <us-cert () us-cert gov>
Date: Fri, 7 Oct 2011 15:24:44 -0400
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 US-CERT Current Activity Apache HTTP Server Reverse Proxy Bypass Original release date: October 7, 2011 at 3:14 pm Last revised: October 7, 2011 at 3:14 pm The Apache Foundation has issued a Security Advisory to address a vulnerability in Apache HTTP Server's reverse proxy mode. Exploitation of this vulnerability may allow a remote attacker to gain access to internal systems. US-CERT encourages users and administrators to review the Apache HTTP Server Security Advisory mod_proxy reverse proxy exposure and apply any necessary updates or workarounds to help mitigate the risks. Relevant Url(s): <http://mail-archives.apache.org/mod_mbox/httpd-announce/201110.mbox/%3C20111005141541.GA7696 () redhat com%3E> ==== This entry is available at http://www.us-cert.gov/current/index.html#apache_http_server_reverse_proxy -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.5 (GNU/Linux) iQEVAwUBTo9R8j/GkGVXE7GMAQJyCggAuTkDgqlpLerXMEqXuZCOvstWoCFeuHn+ w2Gi66CPlKJnJj0ygzzgdD0BGT1p7rUZ8ZVBDroUaP9JQSdHQQ2UmexCqCy8C306 aPeBt+DqfGEa4KY9PvKmjFD+mR+Yr+RCkqjQ3uG23tg+0MhxGlu0lR73dxMV1gkk NRQUG6zkHtcaN6JVDFw24XbxFfqJd1OuSExer2xaL1lu1IVzNPFIpvmiVpJHDRNO eLUAZ3D4vUnaEP0PCUfHV8khDq4jksBsSNgY9JPxpgBbZj3gECQziaS7rUyt0yNE MC4fsP7U9ylDcJz6iePa8oGE4sWnwh1MMiQ99nnHPjKZCSIpV/7TLg== =CuKj -----END PGP SIGNATURE-----
Current thread:
- Current Activity - Apache HTTP Server Reverse Proxy Bypass Current Activity (Oct 07)