Description
A vulnerability exists in Apache HTTP Server 2.4.48 and earlier versions, specifically within the mod_proxy module. An attacker can exploit this flaw by crafting a request uri-path in a way that causes mod_proxy to forward the request to an origin server chosen by the remote user. This vulnerability can lead to Server-Side Request Forgery (SSRF) attacks, enabling attackers to interact with internal systems or services that are not directly accessible to them.
Recommendation
To mitigate this vulnerability, it is recommended to update the Apache HTTP Server to the latest available version.
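A quick way to check a host against the affected range stated above (2.4.48 and earlier, with mod_proxy loaded) is sketched below. This is an added example, not part of the original advisory; the function names are illustrative and the sample `httpd -v` / `httpd -M` output is constructed.

```shell
#!/bin/sh
# Added example: version and module triage for the mod_proxy SSRF above.
# Function names are illustrative; the sample output below is constructed.

# Pull "x.y.z" out of `httpd -v` text ("Server version: Apache/2.4.48 (Unix)").
apache_version() {
    printf '%s\n' "$1" |
        sed -n 's|.*Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*|\1|p' |
        head -n 1
}

# Exit 0 if version $1 is 2.4.48 or earlier, 1 if newer, 2 if unparsable.
version_affected() {
    case $1 in ''|*[!0-9.]*) return 2 ;; esac
    major=${1%%.*}; rest=${1#*.}
    minor=${rest%%.*}; patch=${rest#*.}
    if [ "$major" -ne 2 ]; then [ "$major" -lt 2 ]; return; fi
    if [ "$minor" -ne 4 ]; then [ "$minor" -lt 4 ]; return; fi
    [ "$patch" -le 48 ]
}

# Exit 0 if `httpd -M` text lists proxy_module (mod_proxy itself).
proxy_loaded() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*proxy_module[[:space:]]'
}

# Combine both checks into a one-line verdict.
triage() {
    ver=$(apache_version "$1")
    if [ -z "$ver" ]; then echo "unknown: no Apache version found"; return 0; fi
    if ! version_affected "$ver"; then echo "ok: $ver is newer than 2.4.48"; return 0; fi
    if proxy_loaded "$2"; then
        echo "exposed: $ver with mod_proxy loaded"
    else
        echo "outdated: $ver, mod_proxy not loaded"
    fi
}

# Constructed sample input; on a real host use "$(httpd -v)" and "$(httpd -M)".
SAMPLE_V='Server version: Apache/2.4.48 (Unix)
Server built:   Jan  1 2021 00:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 proxy_module (shared)
 proxy_http_module (shared)'

triage "$SAMPLE_V" "$SAMPLE_M"
```

Distribution packages often backport fixes without changing the upstream version string, so confirm an "exposed" result against the vendor's package changelog before treating it as final.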
Related Issues
- Apache 2.4.49 Path Traversal and RCE - CVE-2021-41773, CVE-2021-42013
- Apache mod_jk Access Control Bypass - CVE-2018-11759
- Apache Expect Header Cross Site Scripting - CVE-2006-3918
- Apache Struts 2 Forced double OGNL evaluation S2-059 - CVE-2019-0230
Tags:
- SSRF
- Apache
- Web Server
Last updated on May 13, 2024