File http-vuln-cve2011-3368
Script types: portrule
Categories: intrusive, vuln
Download: http://nmap.org/svn/scripts/http-vuln-cve2011-3368.nse
User Summary
Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests:
* The loopback test, with 3 payloads to handle different rewrite rules.
* The internal hosts test. According to Contextis, we expect a delay before a server error.
* The external website test. This does not mean that you can reach a LAN IP, but this is a relevant issue anyway.
References:
* http://www.contextis.com/research/blog/reverseproxybypass/
Script Arguments
http-vuln-cve2011-3368.prefix
sets the path prefix (directory) to check for the vulnerability.
http-max-cache-size, http.pipeline, http.useragent
See the documentation for the http library.
vulns.showall
See the documentation for the vulns library.
Example Usage
nmap --script http-vuln-cve2011-3368 <targets>
Script Output
PORT   STATE SERVICE
80/tcp open  http
| http-vuln-cve2011-3368:
|   VULNERABLE:
|   Apache mod_proxy Reverse Proxy Security Bypass
|     State: VULNERABLE
|     IDs:  CVE:CVE-2011-3368  OSVDB:76079
|     Description:
|       An exposure was reported affecting the use of Apache HTTP Server in
|       reverse proxy mode. The exposure could inadvertently expose internal
|       servers to remote users who send carefully crafted requests.
|     Disclosure date: 2011-10-05
|     Extra information:
|       Proxy allows requests to external websites
|     References:
|       http://osvdb.org/76079
|_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
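Added example (not part of the Nmap script or its documentation): a small Python parser for triaging saved scan output, which pulls the port, state, IDs and "Extra information" out of the report block shown under Script Output. The names parse_findings and ids are hypothetical, the sample is constructed from the output above with the description shortened, and one finding per script block is assumed.

```python
import re
# Constructed sample: the Script Output from this page, description shortened to one line.
SAMPLE = """\
PORT   STATE SERVICE
80/tcp open  http
| http-vuln-cve2011-3368:
|   VULNERABLE:
|   Apache mod_proxy Reverse Proxy Security Bypass
|     State: VULNERABLE
|     IDs:  CVE:CVE-2011-3368  OSVDB:76079
|     Description:
|       An exposure was reported affecting the use of Apache HTTP Server in reverse proxy mode.
|     Disclosure date: 2011-10-05
|     Extra information:
|       Proxy allows requests to external websites
|     References:
|       http://osvdb.org/76079
|_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368
"""

PORT_RE = re.compile(r"^(\d+/(?:tcp|udp))\s+\S+\s+\S+")
FIELD_RE = re.compile(r"^(State|IDs|Description|Disclosure date|Extra information|References):\s*(.*)$")

def parse_findings(text, script="http-vuln-cve2011-3368"):
    # Returns one dict per port whose script output block belongs to `script`.
    findings, port, cur, field = [], None, None, "Title"
    for raw in text.splitlines():
        m = PORT_RE.match(raw)
        if m or not raw.startswith("|"):        # port row or non-script line closes the block
            port, cur = (m.group(1) if m else port), None
            continue
        line = raw.lstrip("|_").strip()         # drop the "|" / "|_" gutter
        if len(raw) > 2 and raw[2] != " ":      # top-level "| <script-id>:" line
            cur = {"port": port, "fields": {}} if line == script + ":" else None
            field = "Title"                     # first free line in a block is the title
            if cur is not None:
                findings.append(cur)
            continue
        if cur is None or line.endswith("VULNERABLE:"):   # other script, or section header
            continue
        m = FIELD_RE.match(line)
        if m:
            field, line = m.groups()            # "Name: value" starts a new field
        if line:
            cur["fields"].setdefault(field, []).append(line)
    return findings

def ids(finding):  # "CVE:CVE-2011-3368  OSVDB:76079" -> {"CVE": "CVE-2011-3368", "OSVDB": "76079"}
    return dict(t.split(":", 1) for t in " ".join(finding["fields"].get("IDs", [])).split())
```

The "Extra information" field records which test produced the finding, so it is the value to keep when deciding whether the proxy reaches external sites or internal hosts.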
Requires
Author: Ange Gutek, Patrik Karlsson
License: Same as Nmap--See http://nmap.org/book/man-legal.html




