Improper URI Normalization in Rhttproxy Allows Bypassing Proxy and Accessing Internal Endpoints

Improper URI Normalization in Rhttproxy Allows Bypassing Proxy and Accessing Internal Endpoints

CVE-2021-22017 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Rhttproxy as used in vCenter Server contains a vulnerability due to improper implementation of URI normalization. A malicious actor with network access to port 443 on vCenter Server may exploit this issue to bypass proxy leading to internal endpoints being accessed.

Learn more about our Cis Benchmark Audit For Server Software.