It was a typical Monday morning for John, a system administrator at a large financial institution. He was sipping his coffee and checking his email when he noticed a strange alert on his monitoring dashboard. The Apache httpd server, which hosted the company's website and several internal applications, was acting suspiciously.
The most critical vulnerabilities affecting this specific version include: apache httpd 2.4.18 exploit
CVE-2016-5387, nicknamed "HTTPOXY," is a misnomer. It is not an Apache bug per se, but a design flaw in how CGI scripts handled the Proxy header. An attacker could send a request containing a Proxy: http://evil.com header, tricking server-side scripts (PHP, Python, Go) into routing outgoing HTTP requests through a malicious proxy. It was a typical Monday morning for John,
| Action | Command / Configuration | |--------|--------------------------| | | sudo apt-get upgrade apache2 (or compile 2.4.58+) | | Disable HTTP/2 | Protocols http/1.1 in httpd.conf | | Remove mod_cgi/cgid | sudo a2dismod cgi cgid | | Set ProxyRequest Off | Prevents HTTPOXY (Not a complete fix) | | Deploy WAF rule | Block Proxy header containing http:// or Proxy: * | tricking server-side scripts (PHP
A proof-of-concept exploit for this vulnerability was published by the Apache Software Foundation, which demonstrates how to exploit the vulnerability using a malicious Authorization header.