Maintainers of the open-source Apache webserver are warning that their HTTP daemon is vulnerable to exploits that expose internal servers to remote attackers who embed special commands in website addresses.
The weakness in 1.3 and all 2.x versions of the Apache HTTP Server can be exploited only under certain conditions. For one, they must be running in reverse proxy mode, a setting often used to perform load balancing or to separate static content from dynamic content. And even then, internal systems are susceptible to unauthorized access only when certain types of reverse proxy rewrite rules are used.
Nonetheless, the vulnerable reverse proxy configurations are common enough that Apache maintainers issued an advisory on Wednesday recommending users examine their systems to make sure they're not at risk.
The link for this article located at The Register UK is no longer available.