VULHUB ™

A vulnerability has been discovered in Apache web server that may result in the disclosure of the server's address. The problem occurs when a HTTP request containing the URI of a directory is submitted to the server. If the URI does not contain a trailing '/' character, the server returns a 3xx redirection error code indicating that further action must be taken in order to fulfill the request. When this occurs, a 'Location' response-header containing the address of the server is returned as part of the response. In a situation where the request is redirected to the server behind a firewall, this could lead to the disclosure of the server's internal network address.

A vulnerability has been discovered in Apache web server that may result in the disclosure of the server's address. The problem occurs when a HTTP request containing the URI of a directory is submitted to the server. If the URI does not contain a trailing '/' character, the server returns a 3xx redirection error code indicating that further action must be taken in order to fulfill the request. When this occurs, a 'Location' response-header containing the address of the server is returned as part of the response. In a situation where the request is redirected to the server behind a firewall, this could lead to the disclosure of the server's internal network address.