The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a reverse proxy, which allows remote attackers to send requests to intranet servers via a malformed URI containing an initial @ (at sign) character.
kb.juniper.net/JSA10585
lists.apple.com/archives/security-announce/2012/Sep/msg00004.html
lists.opensuse.org/opensuse-security-announce/2011-11/msg00011.html
lists.opensuse.org/opensuse-updates/2013-02/msg00009.html
lists.opensuse.org/opensuse-updates/2013-02/msg00012.html
marc.info/?l=bugtraq&m=133294460209056&w=2
marc.info/?l=bugtraq&m=134987041210674&w=2
osvdb.org/76079
rhn.redhat.com/errata/RHSA-2012-0542.html
rhn.redhat.com/errata/RHSA-2012-0543.html
seclists.org/fulldisclosure/2011/Oct/232
seclists.org/fulldisclosure/2011/Oct/273
secunia.com/advisories/46288
secunia.com/advisories/46414
secunia.com/advisories/48551
support.apple.com/kb/HT5501
svn.apache.org/viewvc?view=revision&revision=1179239
web.archiveorange.com/archive/v/ZyS0hzECD5zzb2NkvQlt
www-01.ibm.com/support/docview.wss?uid=nas2064c7e5f53452ff686257927003c8d42
www-01.ibm.com/support/docview.wss?uid=nas2b7c57b1f1035675186257927003c8d48
www.contextis.com/research/blog/reverseproxybypass/
www.debian.org/security/2012/dsa-2405
www.exploit-db.com/exploits/17969
www.mandriva.com/security/advisories?name=MDVSA-2011:144
www.mandriva.com/security/advisories?name=MDVSA-2013:150
www.oracle.com/technetwork/topics/security/cpujan2015-1972971.html
www.oracle.com/technetwork/topics/security/cpujul2012-392727.html
www.redhat.com/support/errata/RHSA-2011-1391.html
www.redhat.com/support/errata/RHSA-2011-1392.html
www.securityfocus.com/bid/49957
www.securitytracker.com/id?1026144
bugzilla.redhat.com/show_bug.cgi?id=740045
exchange.xforce.ibmcloud.com/vulnerabilities/70336
lists.apache.org/thread.html/54a42d4b01968df1117cea77fc53d6beb931c0e05936ad02af93e9ac%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/5df9bfb86a3b054bb985a45ff9250b0332c9ecc181eec232489e7f79%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/8d63cb8e9100f28a99429b4328e4e7cebce861d5772ac9863ba2ae6f%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/f7f95ac1cd9895db2714fa3ebaa0b94d0c6df360f742a40951384a53%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r0276683d8e1e07153fc8642618830ac0ade85b9ae0dc7b07f63bb8fc%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r064df0985779b7ee044d3120d71ba59750427cf53f57ba3384e3773f%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r1d201e3da31a2c8aa870c8314623caef7debd74a13d0f25205e26f15%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r2cb985de917e7da0848c440535f65a247754db8b2154a10089e4247b%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r5419c9ba0951ef73a655362403d12bb8d10fab38274deb3f005816f5%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r57608dc51b79102f3952ae06f54d5277b649c86d6533dcd6a7d201f7%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r5f9c22f9c28adbd9f00556059edc7b03a5d5bb71d4bb80257c0d34e4%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r688df6f16f141e966a0a47f817e559312b3da27886f59116a94b273d%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r75cbe9ea3e2114e4271bbeca7aff96117b50c1b6eb7c4772b0337c1f%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r8828e649175df56f1f9e3919938ac7826128525426e2748f0ab62feb%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r9e8622254184645bc963a1d47c5d47f6d5a36d6f080d8d2c43b2b142%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r9ea3538f229874c80a10af473856a81fbf5f694cd7f471cc679ba70b%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/r9f93cf6dde308d42a9c807784e8102600d0397f5f834890708bf6920%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rb9c9f42dafa25d2f669dac2a536a03f2575bc5ec1be6f480618aee10%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rdca61ae990660bacb682295f2a09d34612b7bb5f457577fe17f4d064%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/re2e23465bbdb17ffe109d21b4f192e6b58221cd7aa8797d530b4cd75%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rf6449464fd8b7437704c55f88361b66f12d5b5f90bcce66af4be4ba9%40%3Ccvs.httpd.apache.org%3E
lists.apache.org/thread.html/rfbaf647d52c1cb843e726a0933f156366a806cead84fbd430951591b%40%3Ccvs.httpd.apache.org%3E