Latest Flaw In Apache Allows Attacker To Access Internal Directories
Security researcher Prutha Parikh discovered yet another reverse proxy vulnerability with Apache. The vulnerability was discovered as she was trying to write the signature for the older CVE-2011-4317 vulnerability. According to the security researcher, an attacker can manage to access the internal network if the vulnerability is successful exploited.
How Does It Work?
An attacker can make use of a crafted http request to bypass the security mechanism and exploit a fully patched version of Apache. This allows the attacker to access the internal network if reverse proxy rules are not properly configured.
Proof Of Concept:
The security researcher has demonstrated a POC at Qualys website here.