A new reverse proxy issue affecting Apache HTTP server can be used by attackers to access internal systems if certain rules are improperly configured, a security researcher said. Prutha Parikh, vulnerability signature engineer at Qualys, blogged that she uncovered the issue while creating a QualysGuard vulnerability signature for another reverse proxy bug. She discovered it was still possible to use a crafted request to exploit a fully-patched Apache Web Server. Apache developers are working on a fix to address the issue.
Source: https://threatpost.com/new-apache-reverse-proxy-issue-uncovered-112611/75927/