
Apache Flaw Allows Internal Network Access

angry tapir writes "A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite rules are not defined properly. The vulnerability affects Apache installations that operate in reverse proxy mode, a type of configuration used for load balancing, caching and other operations that involve the distribution of resources over multiple servers."
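A configuration check for the kind of rule the summary describes, as an added example that is not part of the original story or comments. It assumes the misconfiguration in question is a proxying `RewriteRule` (with the `[P]` flag) or `ProxyPassMatch` whose backend URL runs straight into a backreference with no "/" in between; the function name, sample configuration and backend hostname are constructed for illustration.

```python
import re

# Constructed sample configuration; backend.internal.example is a placeholder host.
SAMPLE_CONFIG = """\
RewriteEngine On
RewriteRule ^(.*) http://backend.internal.example$1 [P]
RewriteRule ^/(.*) http://backend.internal.example/$1 [P]
ProxyPassMatch ^(.*) http://backend.internal.example:8080$1
ProxyPassMatch ^/(.*) http://backend.internal.example:8080/$1
RewriteRule ^/old(.*) http://www.example.com$1 [R=301,L]
"""

# Directives that can proxy: RewriteRule (only with the P flag) and ProxyPassMatch.
DIRECTIVE = re.compile(
    r'^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)(?:\s+\[([^\]]*)\])?', re.I)
# Backend URL whose host[:port] is followed directly by a backreference
# ($1, %1, ${map:...}) with no "/" separating the two.
NO_SEPARATOR = re.compile(r'^[a-z][a-z0-9+.-]*://[^/$%\s]*[$%]', re.I)

def audit_proxy_rules(config_text):
    """Return (line_number, directive) for proxy rules lacking the "/" separator."""
    findings = []
    for number, line in enumerate(config_text.splitlines(), start=1):
        if line.lstrip().startswith('#'):
            continue  # commented-out directive
        match = DIRECTIVE.match(line)
        if not match:
            continue
        name, _pattern, target, flags = match.groups()
        if name.lower() == 'rewriterule':
            flag_list = [f.strip().lower() for f in (flags or '').split(',')]
            if not any(f in ('p', 'proxy') for f in flag_list):
                continue  # redirect or internal rewrite, not a reverse proxy rule
        if NO_SEPARATOR.match(target):
            findings.append((number, line.strip()))
    return findings

if __name__ == "__main__":
    for number, directive in audit_proxy_rules(SAMPLE_CONFIG):
        print(f"line {number}: add '/' between backend host and backreference: {directive}")
```

The check is line-based and does not follow `Include` directives or line continuations, so run it over each configuration file separately.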
  • This is a fairly minor vulnerability at best, in order for it to matter to you at all:

    1, you have to be using reverse proxy mode
    2, you have to have misconfigured your rewrite rules
    3, you have to actually have some internal resources that are private

    The webservers I run, aside from not using Apache in reverse proxy mode...

    Some of them are in isolated dmz networks, so the only data you could get at is part of the public website anyway...
    The others are standalone webservers connected direct to the internet, a reverse proxy wouldn't get you anything you couldn't get to directly.

    What percentage of Apache users will actually fulfil all the criteria for this issue to even matter to them at all?

  • Re:Use nginx? (Score:4, Informative)

    by CmdrPony ( 2505686 ) on Monday November 28, 2011 @06:37AM (#38188470)
    It's on EPEL. And if you're running websites that need fast reverse proxying and caching on the web server side, you should be able to build it yourself too. nginx is specifically designed for this kind of stuff, and is much faster and more secure than Apache. It's Russian lightweight quality, while Apache is bloat as hell (for this kind of stuff).
  • OLD NEWS (Score:4, Informative)

    by Anonymous Coward on Monday November 28, 2011 @06:39AM (#38188484)
  • Re:Use nginx? (Score:4, Informative)

    by KiloByte ( 825081 ) on Monday November 28, 2011 @08:00AM (#38188906)

    If you do that, you pay full passthrough costs for every single URL -- parsing, 587598237592 (approximately) context switches, ferrying data between two userspace processes, etc. With Apache, you suffer that only for URLs you actually need to proxy.
