A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said.
Prutha Parikh, vulnerability signature engineer at Qualys, blogged that she uncovered the issue while creating a QualysGuard vulnerability signature for another reverse proxy issue, detailed in CVE-2011-3368. While reviewing the patch for the older bug, she discovered it was still possible to use a crafted request to exploit a fully-patched Apache Web Server.

The link for this article located at ThreatPost is no longer available.