all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Apache 2.4.55 mod_proxy HTTP Request Smuggling

Add to bookmarks
Jan. 2, 2024, 1:27 p.m. |

Packet Storm packetstormsecurity.com

Some mod_proxy configurations on Apache HTTP Server versions 2.4.0 through 2.4.55 allow for an HTTP request smuggling attack. Configurations are affected when mod_proxy is enabled along with some form of RewriteRule or ProxyPassMatch in which a non-specific pattern matches some portion of the user-supplied request-target (URL) data and is then re-inserted into the proxied request-target using variable substitution.

apache attack data http http request smuggling http server non request request smuggling rewriterule server smuggling target url

Visit resource

More from packetstormsecurity.com / Packet Storm

Ubuntu Security Notice USN-6757-2 4 hours ago | packetstormsecurity.com
arbitrary code attacker code crash +16
Ubuntu Security Notice USN-6762-1 4 hours ago | packetstormsecurity.com
arbitrary code attacker attackers code +15
SOPlanning 1.52.00 SQL Injection 4 hours ago | packetstormsecurity.com
injection php projects sql +5
SOPlanning 1.52.00 Cross Site Request Forgery 4 hours ago | packetstormsecurity.com
forgery php request version +2
SOPlanning 1.52.00 Cross Site Scripting 4 hours ago | packetstormsecurity.com
cross site scripting php scripting version +2
Red Hat Security Advisory 2024-2679-03 4 hours ago | packetstormsecurity.com
advisory enterprise free linux +7
Red Hat Security Advisory 2024-2674-03 4 hours ago | packetstormsecurity.com
advisory enterprise kernel linux +5
Red Hat Security Advisory 2024-2071-03 4 hours ago | packetstormsecurity.com
advisory bugs container fix +10
Red Hat Security Advisory 2024-2068-03 4 hours ago | packetstormsecurity.com
advisory bugs container denial of service +13

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Intern, Cyber Security Vulnerability Management

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Compliance - Global Privacy Office - Associate - Bengaluru

@ Goldman Sachs | Bengaluru, Karnataka, India
View on infosec-jobs.com

Cyber Security Engineer (m/w/d) Operational Technology

@ MAN Energy Solutions | Oberhausen, DE, 46145
View on infosec-jobs.com

Armed Security Officer - Hospital

@ Allied Universal | Sun Valley, CA, United States
View on infosec-jobs.com

Governance, Risk and Compliance Officer (Africa)

@ dLocal | Lagos (Remote)
View on infosec-jobs.com

Junior Cloud DevSecOps Network Engineer

@ Accenture Federal Services | Arlington, VA
View on infosec-jobs.com
View more jobs