VDB
GHSA-j85c-9w9v-p2p3
GHSA-j85c-9w9v-p2p3
PUBLISHED
Exploit Intelligence
- PoC Scan. (cve-2011-3368) (github-poc)
- CVE-2011-3368 exploit code (github-poc)
- Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: * the loopback test, with 3 payloads to handle different rewrite rules * the internal hosts test. According to Contextis, we expect a delay before a server error. * The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway. References: * http://www.contextis.com/research/blog/reverseproxybypass/ (nmap-nse)
- Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: o the loopback test, with 3 payloads to handle different rewrite rules o the internal hosts test. According to Contextis, we expect a delay before a server error. o The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway. References: * http://www.contextis.com/research/blog/reverseproxybypass/ (nmap-nse)
- Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: o the loopback test, with 3 payloads to handle different rewrite rules o the internal hosts test. According to Contextis, we expect a delay before a server error. o The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway. References: * http://www.contextis.com/research/blog/reverseproxybypass/ (nmap-nse)
- Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: o the loopback test, with 3 payloads to handle different rewrite rules o the internal hosts test. According to Contextis, we expect a delay before a server error. o The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway. References: * http://www.contextis.com/research/blog/reverseproxybypass/ (nmap-nse)
- Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: o the loopback test, with 3 payloads to handle different rewrite rules o the internal hosts test. According to Contextis, we expect a delay before a server error. o The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway. References: * http://www.contextis.com/research/blog/reverseproxybypass/ (nmap-nse)
- Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: * the loopback test, with 3 payloads to handle different rewrite rules * the internal hosts test. According to Contextis, we expect a delay before a server error. * The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway. References: * http://www.contextis.com/research/blog/reverseproxybypass/ (nmap-nse)
- Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: * the loopback test, with 3 payloads to handle different rewrite rules * the internal hosts test. According to Contextis, we expect a delay before a server error. * The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway. References: * http://www.contextis.com/research/blog/reverseproxybypass/ (nmap-nse)
Timeline
- CVE Published
- Nov 17, 2011 PoC Published
- Jan 6, 2013 PoC Published
- May 27, 2014 PoC Published
- Sep 6, 2015 PoC Published
- Apr 9, 2026 Distribution Patch
- Apr 9, 2026 Security Advisory