New Apache Reverse Proxy Flaw Allows Access to Internal Network System. Apache developers are working on a fix of a flaw in its web server software that creates a possible mechanism to access internal systems. The zero-day vulnerability only rears its ugly head if reverse proxy rules are configured incorrectly. The problem isn’t new and a vulnerability that allowed similar attacks was addressed back in October. In order to mitigate the problem server administrators should add a forward slash before $1 in the rewrite rule, the correct form being “(.*) https://internal_host/$1”
Source: https://thehackernews.com/2011/11/new-apache-reverse-proxy-flaw-allows.html