On Thu, Dec 15, 2011 at 11:04 PM, Jeff Trawick <[email protected]> wrote:
> On Wed, Nov 23, 2011 at 9:23 AM, Joe Orton <[email protected]> wrote:
>> Prutha Parikh from Qualys reported a variant on the CVE-2011-3368 attack
>> against certain mod_proxy/mod_rewrite configurations.  A new CVE name,
>> CVE-2011-4317, has been assigned to this variant.
>>
>> The configurations in question are the same as affected by -3368, e.g.:
>>
>>  RewriteRule ^(.*) http://www.example.com$1 [P]
>>
>> and the equivalent ProxyPassMatch.  Request examples are:
>>
>>  GET @localhost::8880 HTTP/1.0\r\n\r\n
>>  GET qualys:@qqq.qq.qualys.com HTTP/1.0\r\n\r\n
>
> These appear to not apply to 2.0.x because of a difference in URI
> parsing between apr-util 0.9.x and apr-util 1.something.x.
>
> Has anyone else tried that on 2.0.x?

same observation here

-- 
Eric Covener
[email protected]
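
Added example, not part of the thread and not httpd code: a log check that flags request targets shaped like the two requests quoted above, i.e. targets that neither begin with "/" nor look like "scheme://...". The function names, the heuristic, and the access-log lines are constructed for illustration.

```python
import re

# Request line as it appears inside a common/combined access-log entry.
REQUEST_LINE = re.compile(r'"([A-Z]+) (\S+) HTTP/\d\.\d"')
# Heuristic for absolute-form targets a proxy normally sees: scheme://...
SCHEME_SLASHES = re.compile(r'^[A-Za-z][A-Za-z0-9+.-]*://')


def suspicious_target(method, target):
    """Heuristic: True when the target is not one of the usual forms."""
    if target.startswith("/"):
        return False              # origin-form, e.g. /index.html
    if method == "OPTIONS" and target == "*":
        return False              # asterisk-form
    if method == "CONNECT":
        return False              # authority-form, not covered here
    if SCHEME_SLASHES.match(target):
        return False              # absolute-form with scheme://
    return True                   # e.g. "@localhost::8880"


def scan(lines):
    """Return (line_number, target) for every flagged request line."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST_LINE.search(line)
        if match and suspicious_target(match.group(1), match.group(2)):
            hits.append((number, match.group(2)))
    return hits


# Constructed sample log; lines 2 and 3 reuse the request targets from the mail.
SAMPLE_LOG = [
    '192.0.2.10 - - [15/Dec/2011:23:04:01 +0000] "GET /index.html HTTP/1.0" 200 512',
    '192.0.2.11 - - [15/Dec/2011:23:04:02 +0000] "GET @localhost::8880 HTTP/1.0" 200 77',
    '192.0.2.11 - - [15/Dec/2011:23:04:03 +0000] "GET qualys:@qqq.qq.qualys.com HTTP/1.0" 200 77',
    '192.0.2.12 - - [15/Dec/2011:23:04:04 +0000] "GET http://www.example.com/a HTTP/1.1" 200 10',
    '192.0.2.13 - - [15/Dec/2011:23:04:05 +0000] "OPTIONS * HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for number, target in scan(SAMPLE_LOG):
        print(f"line {number}: unusual request target {target!r}")
```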
