Vendor: Apache HTTP Server
By: Kingcope
CVSS: 8.5 (HIGH)
Type: Security-Bypass
CWE: 287
Product Name: Apache HTTP Server
Affected Version From: Apache HTTP Server 2.2.21
Affected Version To: Apache HTTP Server 2.2.22
Patch Exists: YES
Related CWE: CVE-2012-4558
CPE: a:apache:http_server:2.2.22
Metasploit:
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2013-1207/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2013-1208/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2013-1012/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2013-1011/
https://www.rapid7.com/db/vulnerabilities/centos_linux-cve-2012-4558/
https://www.rapid7.com/db/vulnerabilities/ibm-http_server-cve-2012-4558/
https://www.rapid7.com/db/vulnerabilities/apple-osx-apache-cve-2012-4558/
https://www.rapid7.com/db/vulnerabilities/linuxrpm-RHSA-2013-0815/
https://www.rapid7.com/db/vulnerabilities/apache-httpd-cve-2012-4558/
https://www.rapid7.com/db/vulnerabilities/suse-cve-2012-4558/
https://www.rapid7.com/db/vulnerabilities/hpux-cve-2012-4558/
https://www.rapid7.com/db/vulnerabilities/oracle-solaris-cve-2012-4558/
https://www.rapid7.com/db/vulnerabilities/alpine-linux-cve-2012-4558/
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux, Mac
2012
Apache HTTP Server Security-Bypass Vulnerability
Apache HTTP Server is prone to a security-bypass vulnerability. Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications.

    RewriteRule ^(.*) http://www.example.com$1
    ProxyPassMatch ^(.*) http://www.example.com$1
Mitigation:
Upgrade to Apache HTTP Server 2.2.23 or later.