CVE-2021-40438 — Apache HTTP Server-Side Request Forgery (SSRF)
2021-12-01 • CISA Known Exploited Vulnerability
[event] A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
> AFFECTED SOFTWARE
| Field | Value |
|---|---|
| Vendor | Apache |
| Product | Apache |
| CWE | CWE-918 |
| CVE ID | CVE-2021-40438 |
| Date Added | 2021-12-01 |
| Due Date | 2021-12-15 |
| Ransomware Campaign | Unknown |
> MITIGATION
Apply updates per vendor instructions.
Due Date: 2021-12-15