CVE-2021-40438 - Server-Side Request Forgery (SSRF) vulnerability in multiple products

CVSS 9.0 - CRITICAL
Attack vector: NETWORK
Attack complexity: HIGH
Privileges required: NONE
Confidentiality impact: HIGH
Integrity impact: HIGH
Availability impact: HIGH

Summary

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Vulnerable Configurations

Part         Description    Count
Application  Apache         251
Application  Netapp         3
Application  Oracle         8
Application  Siemens        16
Application  Tenable        9
OS           Fedoraproject  2
OS           Debian         3
OS           Broadcom       1
OS           F5             7

Common Weakness Enumeration (CWE)

References