Linux Today: Linux News On Internet Time.

More on LinuxToday

Apache Server Hit by Reverse Proxy Flaw

Nov 28, 2011, 21:00 (1 Talkback[s])

"The open source Apache HTTP Web Server is at risk from a reverse proxy flaw that is currently unpatched. The flaw was disclosed Qualys security researcher Purtha Parikh late last week and is related to a flaw that Apache first attempted to fix in October.

"While reviewing the patch for the older issue CVE-2011-3368, it appeared that it was still possible to make use of a crafted request that could exploit a fully patched Apache Web Server (Apache 2.2.21 with CVE-2011-3368 patch applied) to allow access to internal systems if the reverse proxy rules are configured incorrectly, Parikh reported.

Complete Story

Related Stories: