DaemonForums  

Apache hole allows attackers to access internal servers

Posted by J65nko (Administrator), 6th October 2011

From http://h-online.com/-1355890

Quote:
Security experts at Context have discovered a hole in the Apache web server that allows remote attackers to access internal servers. The mod_rewrite rewrite engine ensures that requests are distributed across different servers according to definable rules, for example, in order to balance loads or to separate dynamic and static content. This configuration is also called a reverse proxy. In certain circumstances, an @ sign within a request can cause the rewrite rules to resolve URLs incorrectly, allowing attackers to specify arbitrary hosts.
__________________
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump
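
An added example, not part of the original post or the quoted article: a log audit that flags request-targets a reverse proxy should refuse, and shows which host a URL parser sees when such a target is appended to a backend prefix. It assumes the proxy builds the backend URL by plain string concatenation; the hostnames, addresses and log lines are constructed.

```python
from urllib.parse import urlsplit

# Constructed values for illustration; not taken from the article.
BACKEND_PREFIX = "http://images.example.com"
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Oct/2011:10:00:00 +0000] "GET /logo.png HTTP/1.1" 200 512',
    '192.0.2.44 - - [06/Oct/2011:10:00:03 +0000] "GET @other.example.net/x.png HTTP/1.1" 200 97',
    '192.0.2.10 - - [06/Oct/2011:10:00:09 +0000] "OPTIONS * HTTP/1.1" 200 0',
]


def target_form(target):
    """Classify a request-target (CONNECT's authority-form is not handled)."""
    if target.startswith("/"):
        return "origin"
    if target == "*":
        return "asterisk"
    if target.lower().startswith(("http://", "https://")):
        return "absolute"
    return "malformed"


def proxied_host(prefix, target):
    """Host a URL parser sees once the target is appended to the prefix."""
    return urlsplit(prefix + target).hostname


def audit(log_lines, prefix=BACKEND_PREFIX):
    """Return (target, form, effective_host) for requests worth reviewing."""
    expected = urlsplit(prefix).hostname
    findings = []
    for line in log_lines:
        try:
            _method, target, _version = line.split('"')[1].split(" ")
        except (IndexError, ValueError):
            findings.append((line, "unparseable", None))
            continue
        form = target_form(target)
        # Only targets that would be appended to the prefix get a host check.
        host = proxied_host(prefix, target) if form in ("origin", "malformed") else None
        if form == "malformed" or (host is not None and host != expected):
            findings.append((target, form, host))
    return findings


if __name__ == "__main__":
    for target, form, host in audit(SAMPLE_LOG):
        print(f"{target}: form={form}, effective host={host}")
```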