CVE-2021-40438

Description from NVD

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Information Acquisition Date: 2021-10-18T10:36Z
CVSS 2.0: 6.8 MEDIUM
CVSS 3.x: 9.0 CRITICAL

CVSS3 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

NVD References

 https://httpd.apache.org/security/vulnerabilities_24.html
     source:MISC
     tags:Release Notes    Vendor Advisory    
 FEDORA-2021-dce7e7738e
     source:FEDORA
     tags:Mailing List    Third Party Advisory    
 [httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info
     source:MLIST
     tags:Mailing List    Vendor Advisory    
 [httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info
     source:MLIST
     tags:Mailing List    Vendor Advisory    
 [httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info
     source:MLIST
     tags:Mailing List    Vendor Advisory    
 [httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info
     source:MLIST
     tags:Mailing List    Vendor Advisory    
 FEDORA-2021-e3f6dd670d
     source:FEDORA
     tags:Mailing List    Third Party Advisory    
 [debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update
     source:MLIST
     tags:Mailing List    Third Party Advisory    
 https://security.netapp.com/advisory/ntap-20211008-0004/
     source:CONFIRM
     tags:
 [httpd-bugs] 20211008 [Bug 65616] CVE-2021-36160 regression
     source:MLIST
     tags:
 DSA-4982
     source:DEBIAN
     tags:


Software Tag: Android(1 tweets) Apache(39 tweets) Linux(1 tweets) Tomcat(1 tweets) Unix(1 tweets) iOS(1 tweets)



List of frequently cited URLs

URL    Num of Times Referred to
https://httpd.apache.org/security/vulnerabilities_24.html    60
https://firzen.de/building-a-poc-for-cve-2021-40438    22
https://twitter.com/pdnuclei/status/1448780914750681098    7
https://github.com/projectdiscovery/nuclei-templates/blob/m...    3
https://www.fastly.com/blog/apache-redux-preventing-server-...    3
https://downloads.apache.org/httpd/CHANGES_2.4.49    3


List of frequently cited URLs

URL    Num of Times Referred to
httpd.apache.org    60
firzen.de    22
twitter.com    7
github.com    3
www.fastly.com    3
downloads.apache.org    3


GitHub Search Results: Up to 10
Name    URL
No Data

2021/10/21 Score : 1
Added Har-sia Database : 2021/09/16
Last Modified : 2021/10/21
Highest Scored Date : 2021/10/16
Highest Score : 25