Description
A vulnerability exists in Apache HTTP Server 2.4.48 and earlier versions, specifically within the mod_proxy module. An attacker can exploit this flaw by crafting a request uri-path in a way that causes mod_proxy to forward the request to an origin server chosen by the remote user. This vulnerability can lead to Server-Side Request Forgery (SSRF) attacks, enabling attackers to interact with internal systems or services that are not directly accessible to them.
Recommendation
To mitigate this vulnerability, it is recommended to update the Apache HTTP Server to the latest available version.