6.8
CVSSv2

CVE-2021-40438

Published: 16/09/2021 Updated: 24/11/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 9 | Impact Score: 6 | Exploitability Score: 2.2
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and previous versions.

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apache http server

fedoraproject fedora 34

fedoraproject fedora 35

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

netapp clustered data ontap -

netapp storagegrid -

f5 f5os

Vendor Advisories

A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd This flaw allows a remote unauthenticated attacker to forward requests to an arbitrary origin server The highest threat from this vulnerability is to confidentiality ...
Several vulnerabilities have been found in the Apache HTTP server, which could result in denial of service In addition a vulnerability was discovered in mod_proxy with which an attacker could trick the server to forward requests to arbitrary origin servers For the oldstable distribution (buster), these problems have been fixed in version 2438-3 ...
In Apache HTTP Server before version 2449, a crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user ...
A vulnerability (CVE-2021-40438) exists in Hitachi Command Suite, Hitachi Ops Center API Configuration Manager,Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer Affected products and versions are listed below Please upgrade your version to the appropriate version ...
Tenablesc leverages third-party software to help provide underlying functionality One of the third-party components (Apache) was found to contain vulnerabilities, and updated versions have been made available by the providers Out of caution, and in line with best practice, Tenable opted to upgrade the bundled Apache components to address the po ...
On September 16, 2021, the Apache Software Foundation disclosed five vulnerabilities affecting the Apache HTTP Server (httpd) 2448 and earlier releases For a description of these vulnerabilities, see the Apache HTTP Server 2449 section of the Apache HTTP Server 24 vulnerabilities webpage This advisory will be updated as additional informatio ...

Github Repositories

CVE-2021-40438 exploit PoC with Docker setup CD into the directory containing the Apache configuration and Dockerfile (shared in repo) Building Image: ~# docker build -t cve-2021-40438:10 Running the Docker Image: ~# docker run --rm -d -p 4444:80 cve-2021-40438:10 (Note: You can also use Image ID instead of image name, find Image details using command 'docker images&#

scan_ssrfsh Este script permite hacer un escaneo de puertos a través de los host vulnerables a CVE-2021-40438 Uso: /scan_ssrfsh -p <port1,port2,port3> "

apache-cve-poc Dockerized Proof-of-Concept of CVE-2021-40438 in Apache 2448

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

References

CWE-918https://httpd.apache.org/security/vulnerabilities_24.htmlhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3Ehttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/https://lists.debian.org/debian-lts-announce/2021/10/msg00001.htmlhttps://security.netapp.com/advisory/ntap-20211008-0004/https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3Cbugs.httpd.apache.org%3Ehttps://www.debian.org/security/2021/dsa-4982https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3Cusers.httpd.apache.org%3Ehttps://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3Cusers.httpd.apache.org%3Ehttps://www.tenable.com/security/tns-2021-17https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQhttps://github.com/sixpacksecurity/CVE-2021-40438https://nvd.nist.govhttps://access.redhat.com/security/cve/cve-2021-40438