Patch released for reverse proxy flaw in Apache

The Apache Software Foundation has released a patch for a security flaw that affects multiple versions of the Apache HTTP Server when it runs in reverse proxy mode. The advisory, published on Wednesday this week, states that the weakness affects Apache 1.3 and all 2.x releases. Apache servers are typically placed in reverse proxy mode to load-balance or to separate static content from dynamic content, according to The Register.

The vulnerability means that attackers could conceivably reach internal databases, file servers or other devices on networks fronted by vulnerable systems. As the official advisory puts it: "The server did not validate that the input to the pattern match was a valid path string, so a pattern could expand to an unintended target URL."

For now, organisations that installed Apache manually should make sure they are running a version that includes the patch; Linux distributions may take a few more days to prepare and publish their own security updates.

In the meantime, a detailed explanation of the reverse proxy bypass problem is available here, with tips on writing proxy rewrite rules that cannot be exploited.
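To make the advisory's point concrete, here is an added example (not code from the page or from the Apache project) that models in Python how a rewrite-to-proxy rule expands a request-URI into a target URL. It places a weak rule, whose pattern does not require a leading slash, beside a corrected one, and adds the "is this a valid path string?" check the advisory says was missing. The rule strings, the host names and the request-URIs are constructed for illustration and are assumptions, not values taken from the advisory.

```python
import re
from urllib.parse import urlsplit

# Constructed rule pairs in mod_rewrite/mod_proxy style: (pattern, substitution).
# The rules and host name are illustrative assumptions, not the advisory's text.
INTENDED_HOST = "backend.internal"
WEAK_RULE = (r"^(.*)", "http://backend.internal$1")      # no leading slash enforced
FIXED_RULE = (r"^/(.*)", "http://backend.internal/$1")   # request must start with "/"


def is_path_string(request_uri):
    """The precondition the advisory describes as missing: a request-URI fed to the
    pattern match must be an absolute path, so a value such as '@host:80/' is
    rejected before any substitution happens."""
    return request_uri.startswith("/")


def expand(rule, request_uri):
    """Emulate how a rewrite rule turns a request-URI into a proxy target URL:
    match the pattern and substitute $1..$n with the captured groups.
    Returns None when the rule does not fire."""
    pattern, substitution = rule
    m = re.match(pattern, request_uri)
    if m is None:
        return None
    url = substitution
    for i, group in enumerate(m.groups(), start=1):
        url = url.replace(f"${i}", group)
    return url


def proxy_target_host(rule, request_uri):
    """Host the proxy would actually connect to, or None if the rule does not fire.
    urlsplit() applies normal URL parsing, so 'user@host' in the authority part
    is read as userinfo followed by the real host."""
    url = expand(rule, request_uri)
    return urlsplit(url).hostname if url else None


def is_contained(rule, request_uri, intended_host=INTENDED_HOST):
    """True when the rule either does not fire or sends the request to the intended host."""
    host = proxy_target_host(rule, request_uri)
    return host is None or host == intended_host


if __name__ == "__main__":
    # Constructed request-URIs: an ordinary path and a crafted value that is not a path.
    for uri in ("/index.html", "@other.internal:80/"):
        print(f"path string? {is_path_string(uri)!s:5} {uri!r}")
        for name, rule in (("weak", WEAK_RULE), ("fixed", FIXED_RULE)):
            print(f"  {name:5} -> {expand(rule, uri)!r:48} host={proxy_target_host(rule, uri)}")
```

Running the script shows the weak rule expanding the crafted value to a URL whose authority section names a different host than the one the rule author intended, while the fixed rule simply does not match it; the ordinary path is handled identically by both. The same pattern applies to any substitution that concatenates user-controlled input directly after a host name: anchor the pattern on the leading slash and put the slash in the substitution rather than trusting the captured group to supply it.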

For more:
- check out this article at The Register
- check out this article at SC Magazine
- check out this article at Dark Reading

Related Articles:
Web server DoS flaw confirmed by Apache 
Open source CMIS implementation Apache Chemistry graduates 
Apache Foundation plans to vote down Java 7