Apache mod_proxy 2.4.48 SSRF

Impact: Medium

Description

A vulnerability exists in Apache HTTP Server 2.4.48 and earlier versions, specifically within the mod_proxy module. An attacker can exploit this flaw by crafting a request uri-path in a way that causes mod_proxy to forward the request to an origin server chosen by the remote user. This vulnerability can lead to Server-Side Request Forgery (SSRF) attacks, enabling attackers to interact with internal systems or services that are not directly accessible to them.

Recommendation

To mitigate this vulnerability, it is recommended to update the Apache HTTP Server to the latest available version.
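To decide whether a host needs the update, the version it reports can be compared with the affected range given in the description. The following is an added example, not part of the original advisory or of the scanner; the function names and sample banners are constructed for illustration.

```python
import re

# Last affected release per the advisory text: 2.4.48 and earlier.
LAST_AFFECTED = (2, 4, 48)

# Matches "Apache/2.4.48" in a Server header or in `httpd -v` output.
_VERSION_RE = re.compile(r"\bApache/(\d+)\.(\d+)\.(\d+)\b")


def apache_version(banner):
    """Return (major, minor, patch) from a banner, or None if no version is shown."""
    m = _VERSION_RE.search(banner)
    return tuple(int(p) for p in m.groups()) if m else None


def classify(banner):
    """Classify a banner as 'affected', 'not-affected' or 'unknown'."""
    version = apache_version(banner)
    if version is None:
        # A banner without a version (e.g. ServerTokens Prod) proves nothing
        # either way, so it is reported separately instead of as safe.
        return "unknown"
    return "affected" if version <= LAST_AFFECTED else "not-affected"


# Constructed sample banners, not taken from any real host.
SAMPLES = [
    "Server: Apache/2.4.48 (Unix) OpenSSL/1.1.1k",
    "Server version: Apache/2.4.46 (Ubuntu)",
    "Server: Apache/2.4.49 (Unix)",
    "Server: Apache",
    "Server: nginx/1.18.0",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(f"{classify(line):13} {line}")
```

A version match alone is a first filter: distribution packages may backport fixes without changing the reported version, and the flaw is only reachable when mod_proxy is loaded, which `apachectl -M` shows.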

Last updated on May 13, 2024