Slashdot Mirror


Apache Flaw Allows Internal Network Access

angry tapir writes "A yet-to-be-patched flaw discovered in the Apache HTTP server allows attackers to access protected resources on the internal network if some rewrite rules are not defined properly. The vulnerability affects Apache installations that operate in reverse proxy mode, a type of configuration used for load balancing, caching and other operations that involve the distribution of resources over multiple servers."

3 of 99 comments

  1. Use nginx? by mhh91 · Score: 5, Interesting

    Why would anyone use Apache as a reverse proxy anyway?

    I mean, there's nginx, and it runs circles around Apache as far as I know.

  2. Re:Garbage in, by Anonymous Coward · Score: 5, Interesting

    Garbage out. What else is new?

    GI/GO is bullshit; you should never output garbage no matter how fucked up the input is. If you can't process it normally, you kick out an error condition of some sort; you don't just throw up your hands and say "Oh well, the user entered the wrong password so we'll just have to give him access to everything".

  3. Re:Wait a minute... by Tomato42 · Score: 5, Interesting

    It would be like patching rm against usage of -rf. Just because you can cut your finger with a knife doesn't mean that the knife is a badly made tool; it just means you failed as a knife user.

    The Apache vulnerability isn't part of normal config, let alone the default one. Non-story.