“The open source Apache HTTP Web Server is at risk from a
reverse proxy flaw that is currently unpatched. The flaw was
disclosed Qualys security researcher Purtha Parikh late last week
and is related to a flaw that Apache first attempted to fix in
October.“While reviewing the patch for the older issue CVE-2011-3368, it
appeared that it was still possible to make use of a crafted
request that could exploit a fully patched Apache Web Server
(Apache 2.2.21 with CVE-2011-3368 patch applied) to allow access to
internal systems if the reverse proxy rules are configured
incorrectly, Parikh reported.