Unpatched Apache Flaw Allows The Attacker To Access Protected Directories
Security researcher Prutha Parikh discovers yet another reverse proxy vulnerability with Apache, The vulnerability was discovered as she was trying to write the signature for the older CVE-2011-4317 vulnerability. According to the security researcher an attacker can manage to access the internal network if the vulnerability is successful exploited.
How It Works?
An attacker can make use of a crafted http request to bypass the security mechanism and exploit a fully patched version of Apache and can allow the attacker to access the internal network is reverse proxy rules are not properly configured.
Proof Of Concept:
The security researcher has demonstrated a POC at Qualys website here.