File http-vuln-cve2011-3368

脚本使用类型: portrule
脚本所属分类: intrusive, vuln
脚本下载地址: http://nmap.org/svn/scripts/http-vuln-cve2011-3368.nse

User Summary

Tests for the CVE-2011-3368 (Reverse Proxy Bypass) vulnerability in Apache HTTP server's reverse proxy mode. The script will run 3 tests: o the loopback test, with 3 payloads to handle different rewrite rules o the internal hosts test. According to Contextis, we expect a delay before a server error. o The external website test. This does not mean that you can reach a LAN ip, but this is a relevant issue anyway.

References: * http://www.contextis.com/research/blog/reverseproxybypass/

Script Arguments


sets the path prefix (directory) to check for the vulnerability.

smbdomain, smbhash, smbnoguest, smbpassword, smbtype, smbusername

See the documentation for the smbauth library.

http.max-cache-size, http.max-pipeline, http.pipeline, http.useragent

See the documentation for the http library.


See the documentation for the vulns library.

Example Usage


nmap --script http-vuln-cve2011-3368 <targets>

Script Output

80/tcp open  http
| http-vuln-cve2011-3368: 
|   Apache mod_proxy Reverse Proxy Security Bypass
|     State: VULNERABLE
|     IDs:  CVE:CVE-2011-3368  OSVDB:76079
|     Description:
|       An exposure was reported affecting the use of Apache HTTP Server in
|       reverse proxy mode. The exposure could inadvertently expose internal
|       servers to remote users who send carefully crafted requests.
|     Disclosure date: 2011-10-05
|     Extra information:
|       Proxy allows requests to external websites
|     References:
|       http://osvdb.org/76079
|_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3368


Author: Ange Gutek, Patrik Karlsson

License: VER007 整理 http://www.ver007.com