Apache 2.1.15 Vulnerabilities
source: https://www.securityfocus.com/bid/51869/info
Apache HTTP Server is prone to a security-bypass vulnerability.
Successful exploits will allow attackers to bypass certain security restrictions and obtain sensitive information about running web applications.
RewriteRule ^(.*) http://www.example.com$1
ProxyPassMatch ^(.*) http://www.example.com$1 important: ap_get_basic_auth_pw() Authentication Bypass (CVE-2017-3167)
Use of the ap_get_basic_auth_pw() by third-party modules outside of the authentication phase may lead to authentication requirements being bypassed. Third-party module writers SHOULD use ap_get_basic_auth_components(), available in 2.2.34 and 2.4.26, instead of ap_get_basic_auth_pw(). Modules which call the legacy ap_get_basic_auth_pw() during the authentication phase MUST either immediately authenticate the user after the call, or else stop the request immediately with an error response to avoid incorrectly authenticating the current request.
Shellshock vulnerability
GNU Bash through 4.3 processes trailing strings after function definitions in the values of environment variables, which allows remote attackers to execute arbitrary code via a crafted environment, as demonstrated by vectors involving the ForceCommand feature in OpenSSH sshd, the mod_cgi and mod_cgid modules in the Apache HTTP Server, scripts executed by unspecified DHCP clients, and other situations in which setting the environment occurs across a privilege boundary from Bash execution, aka "ShellShock."
cgi/bin have been developed to run scripts and then give the results to the user
Communicating a GET/POSt request that has headers (since you use HTTP). THe request will be passed into the script
Last updated