H1-184877 — Vulnetix

H1-184877 PUBLISHED

Out-of-date Version (Apache)

Exploit Intelligence

PoC Scan. (cve-2011-3368) (github-poc)
CVE-2011-3368 exploit code (github-poc)
futurezayka/CVE-2011-3192 (github-poc)
This Repository use to test Apache Killer (cve-2011-3192). (github-poc)
Python Apache Killer (Range Header DoS CVE-2011-3192) (github-poc)
Out-of-date Version (Apache) (hackerone)
Out-of-date Version (Apache) (hackerone)
Detects a denial of service vulnerability in the way the Apache web server handles requests for multiple overlapping/simple ranges of a page. References: * http://seclists.org/fulldisclosure/2011/Aug/175 * http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3192 * http://nessus.org/plugins/index.php?view=single&id=55976 (nmap-nse)
Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: * the loopback test, with 3 payloads to handle different rewrite rules * the internal hosts test. According to Contextis, we expect a delay before a server error. * The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway. References: * http://www.contextis.com/research/blog/reverseproxybypass/ (nmap-nse)

Timeline

Sep 6, 2015 PoC Published
Feb 14, 2016 PoC Published
Dec 2, 2019 CVE Published
Dec 2, 2019 PoC Published

References

Out-of-date Version (Apache) advisory

Open in Interactive Console →

$ Console Community · 100/wk Open console ›