Current Activity - Apache HTTP Server Reverse Proxy Bypass

[Current Activity <us-cert () us-cert gov>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

US-CERT Current Activity

Apache HTTP Server Reverse Proxy Bypass

Original release date: October 7, 2011 at 3:14 pm
Last revised: October 7, 2011 at 3:14 pm


The Apache Foundation has issued a Security Advisory to address a
vulnerability in Apache HTTP Server's reverse proxy mode. Exploitation
of this vulnerability may allow a remote attacker to gain access to
internal systems.

US-CERT encourages users and administrators to review the Apache HTTP
Server Security Advisory mod_proxy reverse proxy exposure and apply
any necessary updates or workarounds to help mitigate the risks.

Relevant Url(s):
<http://mail-archives.apache.org/mod_mbox/httpd-announce/201110.mbox/%3C20111005141541.GA7696 () redhat com%3E>

====
This entry is available at
http://www.us-cert.gov/current/index.html#apache_http_server_reverse_proxy

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTo9R8j/GkGVXE7GMAQJyCggAuTkDgqlpLerXMEqXuZCOvstWoCFeuHn+
w2Gi66CPlKJnJj0ygzzgdD0BGT1p7rUZ8ZVBDroUaP9JQSdHQQ2UmexCqCy8C306
aPeBt+DqfGEa4KY9PvKmjFD+mR+Yr+RCkqjQ3uG23tg+0MhxGlu0lR73dxMV1gkk
NRQUG6zkHtcaN6JVDFw24XbxFfqJd1OuSExer2xaL1lu1IVzNPFIpvmiVpJHDRNO
eLUAZ3D4vUnaEP0PCUfHV8khDq4jksBsSNgY9JPxpgBbZj3gECQziaS7rUyt0yNE
MC4fsP7U9ylDcJz6iePa8oGE4sWnwh1MMiQ99nnHPjKZCSIpV/7TLg==
=CuKj
-----END PGP SIGNATURE-----