CVE-2021-40438

Apache forward request CVE

CVE-2021-40438 Apache forward request CVE CVE-2021-40438: A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user This issue affects Apache HTTP Server 2448 and earlier This CVE could be used to spoof the original IPs in DoS attacks Query vulnerable servers @ appnetlasio: (cvebase_score:>8 and geocountr

simple Bash script that allows you to query EPSS

EPSSeekr This is a simple Bash script that allows you to query the EPSS (Exploit Prediction Scoring System) API using various parameters, such as CVE name, date, and EPSS score The script uses the curl command to send requests to the EPSS API and retrieve data in JSON format Requirements curl Installation Download the epsseekersh script and save it to a directory of your

CVE-2021-40438 exploit PoC with Docker setup.

CVE-2021-40438 exploit PoC with Docker setup CD into the directory containing the Apache configuration and Dockerfile (shared in repo) Building Image: ~# docker build -t cve-2021-40438:10 Running the Docker Image: ~# docker run --rm -d -p 4444:80 cve-2021-40438:10 (Note: You can also use Image ID instead of image name, find Image details using command 'docker images&#

check CVE-2021-40438

CVE-2021-40438 build docker build -t cve-2021-40438:10 run docker run --rm -d -p 4444:80 cve-2021-40438:10 check CVE-2021-40438 /mainsh

Crosswalk Nessus findings with the CISA Known and Exploited Vulnerabilities (KEV) catalog.

Nessus Crosswalk for CISA Known Exploited Vulnerabilities (KEV) nessus_crosswalk is a capability that returns vulnerability results from Nessus scans that map to the most recent CISA KEV catalog The output is a sorted list of CVE IDs, based on number of occurrences in the Nessus scans, in the following format: {"CVE-####-#####": Number_of_Occurrences} Install $ git

CVE-2021-40438 请求 uri-path 可以导致 mod_proxy 将请求转发到远程用户选择的源服务器。此问题会影响 Apache HTTP Server 2448 及更早版本。 攻击者可以通过制作请求来利用此漏洞uri路径，这导致 mod_proxy将请求转发到攻击者选择的源服务器。Apache HTTP Server的mod_proxy组件旨在为 Apache HTTP Server 实现代�

CVE-2021-40438

Dockerized Proof-of-Concept of CVE-2021-40438 in Apache 2.4.48.

apache-cve-poc Dockerized Proof-of-Concept of CVE-2021-40438 in Apache 2448

Nginx Nginx 场景绕过之一: URL white spaces + Gunicorn Nginx 场景绕过之二: 斜杠(trailing slash) 与 #（Weblogic为例） Nginx 场景绕过之三: 斜杠(trailing slash) 与 ;（Weblogic为例） Squid Squid 场景绕过之一: URN bypass ACL HAProxy HAProxy 场景绕过之一: CVE-2021-40346 Content-Length 整型溢出与HTTP Request Smuggling mod_proxy Apache Mo

scan_ssrfsh Este script permite hacer un escaneo de puertos a través de los host vulnerables a CVE-2021-40438 Uso: Cambiar la variable "host" dentro del script por el nombre de host vulnerable en este formato hostname o hostname Ejecutar el script: En el parámetro host hay que reemplazar por el host al que se quiere escanear los puer

My CTF Challenges Balsn CTF 2023 Challenge Category Description Solved 1linenginx Web Exploiting CVE-2019-20372 for Client-Side Desyc leading to XSS in NGINX 6/500 2022 Challenge Category Description Solved 2linenoodjs Web Finding internal Prototype Pollution gadget in node:1880 to RCE 13/584 2021 Challenge Category Description Solved 0linephp Web L

CVE-2021-40438 Apache <= 2.4.48 SSRF exploit

CVE-2021-40438 - Apache &lt;= 2448 - SSRF Python exploit A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user This issue affects Apache HTTP Server 2448 and earlier CVSS v31: Base Score: 90 Severity: CRITICAL CVSS:31/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Attack Vector: Network Attack Complexity: High Pri

CVE-2021-40438 Apache <= 2.4.48 SSRF exploit

CVE-2021-40438 - Apache &lt;= 2448 - SSRF Python exploit A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user This issue affects Apache HTTP Server 2448 and earlier CVSS v31: Base Score: 90 Severity: CRITICAL CVSS:31/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H Attack Vector: Network Attack Complexity: High Pri