UK researchers have uncovered a vulnerability in Apache Web server, the open source software that powers the majority of the world’s Web servers. The backdoor threat is a new class of security vulnerability that could allow hackers to gain full Internet access to internal or DMZ (demilitarized zone) systems using insecurely configured reverse Web proxies.
The Apache Software Foundation, which manages Apache Web server, has issued an advisory to all of its customers advising them on how to guard against the flaw, which is expected to be addressed in a future version of Apache.
Context Information Security, who alerted Apache to the problem last month, unearthed the vulnerability. The company has published a blog post detailing the new class of attack, and providing advice on how to mitigate the risks.
Reverse proxies are used to route external HTTP and HTTPS Web requests to one of several internal Web servers to access data and resources. Typical applications include load balancing, separating static from dynamic content, or presenting
The specific attack identified by Context researchers was based on an Apache Web server using the mod_rewrite proxy function, which uses a rule-based rewriting engine to modify and rewrite Web requests dynamically. When the Web proxies weren’t configured securely, the researchers were able to employ a commonly used hacking tool to force a change in the request to access internal or DMZ systems, including administration interfaces on firewalls, routers, Web servers and databases. Moreover, if the credentials on the internal systems were weak, the researchers were able to execute a full network compromise, including uploading Trojan WAR files to a server.
In addition to the blog post, Context has also released a new version of its free-to-download Context Application Tool (CAT), which can be used to identify the vulnerability.
“This latest vulnerability is a potential back door to sensitive internal or DMZ systems, but is totally avoidable if the reverse proxies are properly configured,” said Michael Jordon, research and development manager at Context Information Security, in a written statement. “We have not investigated other Web servers and proxies but it is reasonable to assume the problem is more widespread.”
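The following configuration check is an added example, not code from the article, Context or the Apache project. It assumes the insecure pattern is the one the Apache advisory describes: a pattern-matching `RewriteRule ... [P]` or `ProxyPassMatch` whose target appends a captured value directly after the backend host name, with no `/` in between. The function name, host names and sample configuration are constructed for illustration.

```python
import re

# Matches scheme://authority and captures the authority (text before the first "/").
_AUTHORITY = re.compile(r"^[a-z][a-z0-9+.-]*://([^/]*)", re.IGNORECASE)
# Backreferences ($1) or server variables (%{...}) that carry request data.
_REQUEST_DATA = re.compile(r"\$\d|%\{")

def risky_proxy_rules(conf_text):
    """Return (line_no, line) for proxy rules whose backend authority
    contains request-derived data. Simplification: assumes the pattern,
    target and flags are whitespace-separated tokens with no quoted spaces."""
    findings = []
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        name = parts[0].lower()
        if name == "rewriterule" and len(parts) >= 4:
            flags = parts[3].strip("[]").lower().split(",")
            if "p" not in flags and "proxy" not in flags:
                continue  # not a proxying rewrite
        elif name == "proxypassmatch" and len(parts) >= 3:
            pass
        else:
            continue
        m = _AUTHORITY.match(parts[2])
        if m and _REQUEST_DATA.search(m.group(1)):
            findings.append((no, line))
    return findings

# Constructed sample: weak rules (lines 3 and 5) beside corrected forms (4 and 6).
SAMPLE = r"""# constructed vhost fragment
RewriteEngine On
RewriteRule (.*)\.(jpg|gif|png) http://images.example.com$1.$2 [P]
RewriteRule ^/(.*)\.(jpg|gif|png)$ http://images.example.com/$1.$2 [P]
ProxyPassMatch (.*)\.php http://app.example.com$1.php
ProxyPassMatch ^/(.*)\.php$ http://app.example.com/$1.php
RewriteRule ^/old/(.*) /new/$1 [R=301,L]
"""

if __name__ == "__main__":
    for no, line in risky_proxy_rules(SAMPLE):
        print(f"line {no}: host part of proxy target depends on the request: {line}")
```

In the corrected forms the pattern is anchored to a leading `/` and the target has a `/` after the host name, so the captured text can only ever land in the path of the backend URL.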