6th October 2011
|
Administrator
|
|
Join Date: May 2008
Location: Budel - the Netherlands
Posts: 4,132
|
|
Apache hole allows attackers to access internal servers
From http://h-online.com/-1355890
Quote:
Security experts at Context have discovered a hole in the Apache web server that allows remote attackers to access internal servers. The mod_rewrite rewrite engine ensures that requests are distributed across different servers according to definable rules, for example, in order to balance loads or to separate dynamic and static content. This configuration is also called a reverse proxy. In certain circumstances, an @ sign within a request can cause the rewrite rules to resolve URLs incorrectly, allowing attackers to specify arbitrary hosts.
|
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
|