-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Reference:       Security Advisory 2011-0022
Title:           Apache HTTP Server 'mod_proxy' Reverse Proxy Security Bypass
                 Vulnerability [1][2]
Version History: 24.11.2011  Initial publication

Summary
=======

Apache HTTP Server is prone to a security-bypass vulnerability.
CVE-2011-4317 (Candidate)

Severity Level [3]
  CVSS2 Base:      5
  Remote:          Yes
  Local:           No
  Credibility:     Reliable Source
  Ease:            Exploit Available
  Authentication:  Not Required

Potential Impact
================

Successful exploits will allow attackers to bypass certain security
restrictions and obtain sensitive information about running web
applications.

1. An attacker scans for a vulnerable web server. The attacker must be
   able to run web applications on that server.
2. The attacker crafts a malicious URL designed to trigger the issue.
3. When the issue is triggered, the attacker obtains sensitive
   information.

Vulnerable systems
==================

Among others:

Apache Software Foundation Apache 2.0.0
Apache Software Foundation Apache 2.0.28
Apache Software Foundation Apache 2.0.32
Apache Software Foundation Apache 2.0.34
Apache Software Foundation Apache 2.0.35
Apache Software Foundation Apache 2.0.41 to 2.0.59
Apache Software Foundation Apache 2.0.59 to 2.2.15-dev
Apache Software Foundation Apache 2.2.2 to 2.2.21

What can you do ?
=================

Solutions:

Currently we are not aware of any vendor-supplied patches.

Work-arounds:

Block external access at the network boundary unless external parties
require the service. Filter access to the affected computer at the
network boundary if global access isn't needed. Restricting access to
only trusted computers and networks greatly reduces the likelihood of a
successful exploit.

Deploy network intrusion detection systems to monitor network traffic
for malicious activity. A NIDS can detect and block attacks and
anomalous activity such as unexpected traffic, which may indicate
exploit attempts.
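The configuration class behind this bypass (and the earlier CVE-2011-3368 whose fix it circumvents) is a reverse-proxy rule such as RewriteRule with the [P] flag or ProxyPassMatch whose pattern does not require the request-URI to begin with "/", so that a request line whose target is not an ordinary path can be rewritten into a proxied URL for a host the administrator never meant to expose. The mitigation given at the time for that class was to anchor the pattern with a leading slash, e.g. `RewriteRule ^/(.*) http://backend/$1 [P]` rather than `RewriteRule ^(.*) http://backend$1 [P]`. The following is an added example and is not part of the CERT-EU advisory or of Apache's own code: a small Python audit that flags unanchored proxy rules in an httpd configuration and, to support the monitoring work-around above, scans access-log request lines for request-targets that are neither a path nor an absolute URL. The configuration snippet and log lines are constructed for the example, and the host names in them are placeholders.

```python
import re

# Constructed sample httpd configuration (not from the advisory).
# Lines 3-4 show the weak form, lines 7-9 the hardened form.
SAMPLE_CONFIG = """\
# Weak: the pattern does not require the request-URI to start with "/"
RewriteEngine On
RewriteRule ^(.*) http://backend.internal$1 [P]
ProxyPassMatch ^(.*\\.php)$ http://app.internal$1

# Hardened: the pattern is anchored with a leading slash
RewriteRule ^/(.*) http://backend.internal/$1 [P]
ProxyPassMatch ^/(.*\\.php)$ http://app.internal/$1
ProxyPass /api/ http://api.internal/api/
"""

# Constructed access-log lines in Apache's combined format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [24/Nov/2011:10:00:01 +0100] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [24/Nov/2011:10:00:02 +0100] "GET @backend.internal/ HTTP/1.0" 200 77 "-" "curl/7.21"
203.0.113.5 - - [24/Nov/2011:10:00:03 +0100] "GET http://www.example.com/ HTTP/1.1" 200 512 "-" "curl/7.21"
203.0.113.5 - - [24/Nov/2011:10:00:04 +0100] "OPTIONS * HTTP/1.1" 200 0 "-" "curl/7.21"
"""

# Directive, regex pattern, substitution target, optional flags.
PROXY_RULE = re.compile(
    r'^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)(.*)$', re.IGNORECASE)


def rewrite_rule_proxies(flags):
    """True if a RewriteRule flag list contains P or proxy (with or without =value)."""
    m = re.search(r'\[([^\]]*)\]', flags)
    if not m:
        return False
    return any(f.strip().split('=')[0] in ('P', 'proxy')
               for f in m.group(1).split(','))


def pattern_requires_leading_slash(pattern):
    """True if the regex can only match request-URIs that begin with "/"."""
    p = pattern.lstrip('^')
    # A slash inside a leading group, e.g. ^(/.*), anchors just as well.
    while p.startswith('('):
        p = p[1:]
        if p.startswith('?:'):
            p = p[2:]
    return p.startswith('/')


def unanchored_proxy_rules(config_text):
    """Return (line number, directive, pattern) for proxying rules not anchored to "/"."""
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), 1):
        m = PROXY_RULE.match(line)
        if not m:
            continue
        directive, pattern, _target, flags = m.groups()
        # A RewriteRule only reaches mod_proxy when it carries the [P] flag.
        if directive.lower() == 'rewriterule' and not rewrite_rule_proxies(flags):
            continue
        if not pattern_requires_leading_slash(pattern):
            findings.append((lineno, directive, pattern))
    return findings


REQUEST_LINE = re.compile(r'"([A-Z]+) (\S+) (HTTP/\d\.\d)"')
ABSOLUTE_FORM = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')


def suspicious_request_targets(log_text):
    """Return (line number, method, target) for request-targets that are not a path or absolute URL."""
    hits = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = REQUEST_LINE.search(line)
        if not m:
            continue
        method, target, _version = m.groups()
        if target.startswith('/') or ABSOLUTE_FORM.match(target):
            continue
        if method == 'OPTIONS' and target == '*':
            continue  # asterisk-form is legitimate for OPTIONS
        if method == 'CONNECT':
            continue  # authority-form is legitimate for CONNECT
        hits.append((lineno, method, target))
    return hits


if __name__ == '__main__':
    for lineno, directive, pattern in unanchored_proxy_rules(SAMPLE_CONFIG):
        print('config line %d: %s pattern %r is not anchored to "/"' % (lineno, directive, pattern))
    for lineno, method, target in suspicious_request_targets(SAMPLE_LOG):
        print('log line %d: %s request-target %r is neither a path nor an absolute URL' % (lineno, method, target))
```

Run against the constructed input, the audit reports only the two weak rules (lines 3 and 4 of the snippet) and only the log line whose request-target begins with "@". On a real server, point `unanchored_proxy_rules` at the output of `httpd -S`-style dumps or at each included configuration file, and feed `suspicious_request_targets` the access log of every vhost that proxies; a hit in the log on a server that still carries an unanchored rule is the condition worth alerting on.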
What to tell your users ?
=========================

Normal security best practices apply. In particular, inform your Web
users to be cautious about following links to sites that are provided
by unfamiliar or suspicious sources. Users should not click on links in
suspicious e-mails and should immediately forward any suspicious e-mail
to the respective IT security officer / contact in your institution.

More information
================

[1] https://community.qualys.com/blogs/securitylabs/tags/cve-2011-4317
[2] http://thread.gmane.org/gmane.comp.apache.devel/46440
[3] CVSS Details

    CVSS Version 2 Scores
    CVSS2 Base:             5
    CVSS2 Temporal:         4.5
    CVSS2 Base Vector:      AV:N/AC:L/Au:N/C:P/I:N/A:N
    CVSS2 Temporal Vector:  E:F/RL:U/RC:UR

    More information about CVSS is available at
    http://www.first.org/cvss/cvss-guide.html

Best regards,

CERT-EU Pre-configuration Team (http://cert.europa.eu)
Phone: +32.2.2990005 / e-mail: cert-eu@ec.europa.eu
PGP KeyID: 0x46AC4383
FP: 9011 6BE9 D642 DD93 8348 DAFA 27A4 06CA 46AC 4383
-----BEGIN PGP SIGNATURE-----
Version: BCPG v1.39

iQJXBAEBAgBBBQJOz5HFOhxDRVJUIGZvciB0aGUgRXVyb3BlYW4gSW5zdGl0dXRp
b25zIDxjZXJ0LWV1QGVjLmV1cm9wYS5ldT4ACgkQJ6QGykasQ4PrQxAAoV62dPFc
4RUydzmk8VQoTHfHgrqeG9su73//Y5Rfyuv2xIdWd2ajPjDNd8YWqoXWG7EoSopb
gt8h41HNLCcRQzFUcYU/dJGQjJLrZInArnWJmwLWT0+Pg4xun9h3Ovxn9oCHu/g+
h3Aps4wDROK21YCAPdKMeMu+ALpSKzbCVTCH4/pDgkKxcy3ic1u66SZtXk3vknzE
LuXfxXqUWXYIIBDqBNpwFD1UOYdSHP7t/wh+m6y+ePovXUvPPWAkRXFvwz8rUA2/
8GtVg5+rU/LTFvLvJVZFlzaG52jM+7/InPfer6awDNEcjAqEdJg8BP2yaJ5irzDJ
F5RIQY73Hv3nZMS11ENtLBC9BjJoL5ZLH8rremDaIIF4joYfKpzlS42cIv37DzA1
o0yfBm5ZPUzv4cRHjU1wNGq/6ucDxsHPqOwnmhmEoK1AJVURnp2Pvs3iuKhmA3F8
tw49cb8l7pY4Th1Vi91lLDpA2RxsGiQXaysteSjPyehjOWlbAXbrHhVbNbRfymGP
9Gg01Us1fi3BOX2PMW/0Y72fYRrakXjfKn3fl5jpvDa1+Srt3CDtVCkuTvuHDH60
VyJaHH+d7KIdWzAoWdzoxo8yn/vBDBjN0ZNR3oZmxFEwqymEZ6ELJcUB7Lv9XIoa
PW4ulaxCayRtEwKwcVzXjaJxD9526yBCBXM=
=NQ5Z
-----END PGP SIGNATURE-----