On Wed, Nov 23, 2011 at 9:23 AM, Joe Orton <[email protected]> wrote:
> Prutha Parikh from Qualys reported a variant on the CVE-2011-3368 attack
> against certain mod_proxy/mod_rewrite configurations. A new CVE name,
> CVE-2011-4317, has been assigned to this variant.
>
> The configurations in question are the same as affected by -3368, e.g.:
>
>   RewriteRule ^(.*) http://www.example.com$1 [P]
>
> and the equivalent ProxyPassMatch. Request examples are:
>
>   GET @localhost::8880 HTTP/1.0\r\n\r\n
>   GET qualys:@qqq.qq.qualys.com HTTP/1.0\r\n\r\n

These appear to not apply to 2.0.x because of a difference in URI parsing between apr-util 0.9.x and apr-util 1.something.x. Has anyone else tried that on 2.0.x?
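
Added example (not part of the original thread and not Apache code): a small Python audit that flags proxying RewriteRule and ProxyPassMatch directives of the shape quoted above, where the backreference follows the host with no "/" in between, so matched request text is substituted into the URL's authority rather than its path. The function names, the ProxyPassMatch lines and the "/"-separated variants in the sample are constructed for illustration, and the check assumes whitespace-separated, unquoted directive arguments.

```python
import re

# Proxy target where a backreference ($1, $2, ...) directly follows host[:port]
# with no "/" in between, e.g. http://www.example.com$1
AUTHORITY_BACKREF = re.compile(r'^[a-z][a-z0-9+.-]*://[^/\s$]+\$\d', re.I)
FLAGS = re.compile(r'^\[(.*)\]$')

def is_proxy_rewrite(tokens):
    """True for a RewriteRule whose flag list contains P (or its long form, proxy)."""
    m = FLAGS.match(tokens[3]) if len(tokens) > 3 else None
    if not m:
        return False
    flags = [f.strip().lower() for f in m.group(1).split(',')]
    return 'p' in flags or 'proxy' in flags

def audit(config_text):
    """Return (line_number, directive) for each proxy rule of the risky shape."""
    findings = []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        tokens = line.split()
        name = tokens[0].lower()
        if name == 'rewriterule' and is_proxy_rewrite(tokens):
            target = tokens[2]
        elif name == 'proxypassmatch' and len(tokens) >= 3:
            target = tokens[2]
        else:
            continue
        if AUTHORITY_BACKREF.match(target):
            findings.append((n, line))
    return findings

# Constructed sample configuration; only line 2 is taken from the advisory.
SAMPLE = """\
RewriteEngine On
RewriteRule ^(.*) http://www.example.com$1 [P]
RewriteRule ^/(.*) http://www.example.com/$1 [P]
ProxyPassMatch ^(.*) http://www.example.com$1
ProxyPassMatch ^/(.*)$ http://www.example.com/$1
RewriteRule ^(.*) http://www.example.com$1 [R,L]
"""

if __name__ == '__main__':
    for n, directive in audit(SAMPLE):
        print(f"line {n}: backreference inside URL authority: {directive}")
```

Lines 3 and 5 of the sample are not flagged because the "/" ends the authority before the backreference, and line 6 is skipped because it redirects rather than proxies.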
