Dennis Ritchie – Unix creator Dennis Ritchie dies aged 70
Dr Ritchie was one of the creators of the hugely influential Unix operating system and the equally pioneering C programming language.
A vast number of modern technologies depend on the work he and fellow programmers did on Unix and C in the early days of the computer revolution.
Those paying respects said he was a “titan” of the industry whose influence was largely unknown.
Apache – Today Apache acknowledged another reverse proxy issue (CVE-2011-4317) which I discovered while creating a QualysGuard vulnerability signature for an older problem CVE-2011-3368. Depending on the reverse proxy configuration, the vulnerability could allow access to internal systems from the Internet.
While reviewing the patch for the older issue CVE-2011-3368, it appeared that it was still possible to make use of a crafted request that could exploit a fully patched Apache Web Server (Apache 2.2.21 with CVE-2011-3368 patch applied) to allow access to internal systems if the reverse proxy rules are configured incorrectly. I submitted an advisory and proof of concept to Apache and Apache made the issue public today.
For a good description of the older CVE-2011-3368 issue as well as how a reverse proxy works please check the excellent blog post by Context.
