What is CVE-2011-3368?

CVE-2011-3368 is a vulnerability in Apache Http_server, classified under Improper Input Validation. Published 2011-10-05.

Is CVE-2011-3368 known to be exploited?

31 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Improper input validation in Apache Http_server

CVE-2011-3368

The mod_proxy module in the Apache HTTP Server 1.3.x through 1.3.42, 2.0.x through 2.0.64, and 2.2.x through 2.2.21 does not properly interact with use of (1) RewriteRule and (2) ProxyPassMatch pattern matches for configuration of a revers…

Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)

EPSS: 0.769 (99.0th percentile) — read the EPSS interpretation.

Affected products

Apache Http_server — versions 1.3, 1.3.0, 1.3.1
N/a — versions n/a

Weakness classification (CWE)

CWE-20 — Improper Input Validation

Public proof-of-concept exploits

References

[announce] 20111005 Advisory: mod_proxy reverse proxy exposure (CVE-2011-3368) (mailing-list, x_refsource_MLIST, Exploit, Patch)
secalert@redhat.com (x_refsource_CONFIRM, Patch)
SSRT100966 (x_refsource_HP, vendor-advisory)
secalert@redhat.com (x_refsource_MISC)
20111005 Context IS Advisory - Apache Reverse Proxy Bypass Vulnerability (mailing-list, x_refsource_FULLDISC)
RHSA-2011:1391 (x_refsource_REDHAT, vendor-advisory)
SE49724 (vendor-advisory, x_refsource_AIXAPAR)
RHSA-2012:0543 (x_refsource_REDHAT, vendor-advisory)
46288 (x_refsource_SECUNIA, third-party-advisory)
76079 (x_refsource_OSVDB, vdb-entry)

Frequently asked questions

What is CVE-2011-3368?: CVE-2011-3368 is a vulnerability in Apache Http_server, classified under Improper Input Validation. Published 2011-10-05.
Is CVE-2011-3368 known to be exploited?: 31 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.