Apache vulnerability allows attackers to access internal servers

Apache vulnerability allows attackers to access internal servers

Security experts have discovered a gap of Context in the Apache Web server, accessed by the attacker from a distance on internal servers. The mod_rewrite rewrite engine ensures that requests are distributed to different servers based on definable rules, such as load balancing or dynamic to separate static content. This configuration is also referred to as a reverse proxy. Under certain circumstances, an @ sign in the inquiry leads to the fact that the rewrite rules, lead to an incorrect description of the URL and give the attacker any host can.

Mod_rewrite is formed from the HTTP request

GET @ InternalNotAccessibleServer console / HTTP/1.0

URL

http://internalserver:80 @ InternalNotAccessibleServer / console

By the @ is the part with the actual host as the HTTP Authentication and interprets the request to a server the attacker selectable (NotAccessibleServer) redirect that can be on the local network of the Apache server. Other examples provided by the Context Report. The only requirement is that the attacker is the local host name or the local IP of the server knows, he wants to access. On this information but it can get about using brute force.

Are affected Apache 1.3 and the 2-branch until version 2.2.20. Remedy creates an additional slash in the RewriteRule. How to check whether their own server is vulnerable and what changes you make in the case of the case must be experienced in the Context Report. The Apache Foundation has also already released a patch to version 2.2.21, which fixes this problem.