AnsweredAssumed Answered

CVE-2011-4317

Question asked by Joey Jimenez on Jan 30, 2012
Latest reply on Feb 1, 2012 by Joey Jimenez

I am new to the UNIX Sys Admin arena.

 

I currently had my vulnerability scan, and turned up an Apache HTTP Reverse Proxy / Rewrite Rule vulnerability. ( at least I'm assuming thatis what the issue is, and the solution is to install package CVE-2011-4317 ) But,  I am not able to find this package.

 

So, I've been doing some research, and have found some discussions referencing the disabling of reverse proxy and / or rewrite rule.

 

I have verified that my ' httpd.conf ' file has the correct configuration: 

 

RewriteRule ^(.*) http://IP_address/$1  <----- the insertion of the ' / '

ProxyPassMatch ^(.*) http://IP_address/$1  <---- the insertion of the ' / '

 

However, my ' httpd.conf ' file has neither of these two lines. It does reference several RewriteRule lines that look like the following:

 

RewriteRule ^.*$ - [G,L}

 

I'm sure I missed something, probably the correct ' .conf ' file, but not sure where that would be located.

 

Could someone give me guidance or direction as tohow to resolve this issue? I will be greatful for any assistance from the community.

 

 

Thank you!!

 

 

- Joey

Outcomes