Lucene search
Veracode Vulnerability DatabaseVERACODE:24963HistoryApr 10, 2020 - 1:10 a.m.
Man-in-the-Middle (MitM)
2020-04-1001:10:15
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
17
EPSS
0.973
Percentile
99.9%
httpd is vulnerable to man-in-the-middle (MiTM). The vulnerability exists as it was discovered that the fix for CVE-2011-3368 (released via RHSA-2011:1391) did not completely address the problem. An attacker could bypass the fix and make a reverse proxy connect to an arbitrary server not directly accessible to the attacker by sending an HTTP version 0.9 request, or by using a specially-crafted URI.
References
rhn.redhat.com/errata/RHSA-2012-0128.html
svn.apache.org/viewvc?view=revision&revision=1188745
www.debian.org/security/2012/dsa-2405
access.redhat.com/errata/RHSA-2012:0128
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=752080
rhn.redhat.com/errata/RHSA-2011-1391.html
Related
prion
prion
Design/Logic Flaw
2011-11-30 04:05:00
Design/Logic Flaw
2011-10-05 22:55:00
Design/Logic Flaw
2011-11-30 04:05:00
nvd
nvd
debiancve
debiancve
cvelist
cvelist
f5
f5
K20979231 : Apache vulnerability CVE-2011-3639
2015-12-29 00:00:00
SOL20979231 - Apache vulnerability CVE-2011-3639
2015-12-29 00:00:00
ubuntucve
ubuntucve
cve
cve
nessus
nessus
Apache HTTP Server mod_proxy Reverse Proxy HTTP 0.9 Information Disclosure
2012-02-09 00:00:00
FreeBSD : Apache 1.3 -- mod_proxy reverse proxy exposure (d8c901ff-0f0f-11e1-902b-20cf30e32f6d)
2011-11-15 00:00:00
Mandriva Linux Security Advisory : apache (MDVSA-2011:144)
2011-10-10 00:00:00
securityvulns
securityvulns
[ MDVSA-2011:144 ] apache
2011-10-12 00:00:00
Apache mod_proxy unauthorized internal network access
2012-01-11 00:00:00
[Announce] Apache HTTP Server 2.2.22 Released
2012-02-03 00:00:00
packetstorm
packetstorm
Apache Reverse Proxy Bypass
2011-10-06 00:00:00
Apache mod_proxy Proof Of Concept
2011-10-11 00:00:00
Apache Reverse Proxy Bypass Scanner
2024-09-01 00:00:00
seebug
seebug
Apache HTTP Server 'mod_proxy'ๅๅไปฃ็ไฟกๆฏๆณ้ฒๆผๆด
2011-10-08 00:00:00
Apache mod_proxy Reverse Proxy Exposure
2011-10-06 00:00:00
Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
2011-10-12 00:00:00
openvas
openvas
Oracle: Security Advisory (ELSA-2011-1392)
2015-10-06 00:00:00
FreeBSD Ports: apache
2012-02-13 00:00:00
FreeBSD Ports: apache
2012-02-13 00:00:00
altlinux
altlinux
Security fix for the ALT Linux 9 package apache2 version 2.2.21-alt2
2011-11-19 00:00:00
Security fix for the ALT Linux 10 package apache2 version 2.2.21-alt2
2011-11-19 00:00:00
Security fix for the ALT Linux 8 package apache2 version 2.2.21-alt2
2011-11-19 00:00:00
metasploit
metasploit
Apache Reverse Proxy Bypass Vulnerability Scanner
2011-10-10 22:34:50
checkpoint_advisories
checkpoint_advisories
Apache HTTPD mod_proxy Information Disclosure (CVE-2011-3368)
2011-11-01 00:00:00
Apache HTTPD mod_proxy Security Bypass (CVE-2011-3368)
2012-03-05 00:00:00
exploitpack
exploitpack
Apache mod_proxy - Reverse Proxy Exposure
2011-10-11 00:00:00
httpd
httpd
Apache Httpd < 2.2.22 : mod_proxy reverse proxy exposure
2011-09-16 00:00:00
Apache Httpd < 2.0.65 : mod_proxy reverse proxy exposure
2011-09-16 00:00:00
Apache Httpd < 1.3-never : mod_proxy reverse proxy exposure
2011-09-16 00:00:00
threatpost
threatpost
New Apache Reverse Proxy Issue Uncovered
2011-11-26 23:41:49
veracode
veracode
Information Disclosure
2020-04-10 01:03:06
Unauthorized Reverse Proxy Connection
2020-04-10 01:10:16
oraclelinux
oraclelinux
httpd security and bug fix update
2011-10-20 00:00:00
httpd security and bug fix update
2011-10-20 00:00:00
httpd security update
2012-02-28 00:00:00
exploitdb
exploitdb
Apache mod_proxy - Reverse Proxy Exposure
2011-10-11 00:00:00
Apache 2.2.15 mod_proxy - Reverse Proxy Security Bypass
2012-02-06 00:00:00
zdt
zdt
Apache mod_proxy Reverse Proxy Exposure Vulnerability PoC
2011-10-10 00:00:00
freebsd
freebsd
Apache 1.3 -- mod_proxy reverse proxy exposure
2011-10-05 00:00:00
apache -- multiple vulnerabilities
2011-10-05 00:00:00
redhat
redhat
(RHSA-2012:0323) Moderate: httpd security update
2012-02-21 00:00:00
(RHSA-2012:0128) Moderate: httpd security update
2012-02-13 00:00:00
(RHSA-2011:1392) Moderate: httpd security and bug fix update
2011-10-20 00:00:00
osv
osv
apache2 - multiple issues
2012-02-06 00:00:00
apache2-2.4.23-4.1 on GA media
2024-06-15 00:00:00
amazon
amazon
Medium: httpd
2012-02-16 10:48:00
Medium: httpd
2011-10-31 18:19:00
debian
debian
[SECURITY] [DSA 2405-1] apache2 security update
2012-02-06 09:06:39
[SECURITY] [DSA 2405-1] apache2 security update
2012-02-06 09:06:39
centos
centos
httpd, mod_ssl security update
2012-02-14 11:13:29
httpd, mod_ssl security update
2011-10-20 21:19:56
thn
thn
New Apache Reverse Proxy Flaw Allows Access to Internal Network
2011-11-27 08:58:00
suse
suse
Security update for Apache2 (important)
2011-11-04 09:08:25
apache2: Fixed several security issues (important)
2011-11-04 09:08:34
Security update for apache2 (important)
2011-11-09 19:08:34
nmap
nmap
http-vuln-cve2011-3368 NSE Script
2011-11-17 19:33:19
ubuntu
ubuntu
Apache vulnerabilities
2011-11-11 00:00:00
fedora
fedora
[SECURITY] Fedora 16 Update: httpd-2.2.22-1.fc16
2012-02-21 01:28:42
[SECURITY] Fedora 15 Update: httpd-2.2.22-1.fc15
2012-03-06 19:30:50
slackware
slackware
[slackware-security] httpd
2012-02-10 17:43:57
ibm
ibm
kaspersky
kaspersky
KLA10065 Multiple vulnerabilities in Apache httpd
2013-07-22 00:00:00
gentoo
gentoo
Apache HTTP Server: Multiple vulnerabilities
2012-06-24 00:00:00
hackerone
hackerone
U.S. Dept Of Defense: Out-of-date Version (Apache)
2016-11-24 15:09:27
oracle
oracle
Oracle Critical Patch Update - July 2012
2012-07-17 00:00:00
Oracle Critical Patch Update Advisory - January 2015
2015-03-10 00:00:00