CVE-2021-40438
Apache HTTP Server-Side Request Forgery (SSRF)
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 8
Exploited in Wild: Yes
Decision
Descriptions
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and inaccessible otherwise. The impact of this flaw varies based on what services and resources are available on the httpd network.
This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability.
The specific flaw exists within the REST service, which listens on TCP port 443 by default. The issue results from the use of a vulnerable Apache HTTP server. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root.
CVSS Scores
SSVC
- Decision: -
Timeline
- 2021-09-02 CVE Reserved
- 2021-09-16 CVE Published
- 2021-10-18 First Exploit
- 2021-12-01 Exploited in Wild
- 2021-12-15 KEV Due Date
- 2024-08-04 CVE Updated
- 2024-09-19 EPSS Updated
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (29)
URL | Date | SRC
---|---|---
https://github.com/sixpacksecurity/CVE-2021-40438 | 2021-10-24 |
https://github.com/xiaojiangxl/CVE-2021-40438 | 2021-10-18 |
https://github.com/Kashkovsky/CVE-2021-40438 | 2022-04-03 |
https://github.com/sergiovks/CVE-2021-40438-Apache-2.4.48-SSRF-exploit | 2023-12-12 |
https://github.com/BabyTeam1024/CVE-2021-40438 | 2021-10-28 |
https://github.com/gassara-kys/CVE-2021-40438 | 2022-06-10 |
https://github.com/Cappricio-Securities/CVE-2021-40438 | 2024-06-21 |
https://github.com/pisut4152/Sigma-Rule-for-CVE-2021-40438-exploitation-attempt | 2021-11-30 |

URL | Date | SRC
---|---|---
https://www.oracle.com/security-alerts/cpuapr2022.html | 2024-07-24 |
https://www.oracle.com/security-alerts/cpujan2022.html | 2024-07-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status
---|---|---|---|---
Apache | Http Server | <= 2.4.48 | - | Affected
Fedoraproject | Fedora | 34 | - | Affected
Fedoraproject | Fedora | 35 | - | Affected
Debian | Debian Linux | 9.0 | - | Affected
Debian | Debian Linux | 10.0 | - | Affected
Debian | Debian Linux | 11.0 | - | Affected
Netapp | Cloud Backup | - | - | Affected
Netapp | Clustered Data Ontap | - | - | Affected
Netapp | Storagegrid | - | - | Affected
Broadcom | Brocade Fabric Operating System Firmware | - | - | Affected
F5 | F5os | >= 1.1.0 <= 1.1.4 | - | Affected
F5 | F5os | >= 1.2.0 <= 1.2.1 | - | Affected
Oracle | Enterprise Manager Ops Center | 12.4.0.0 | - | Affected
Oracle | Http Server | 12.2.1.3.0 | - | Affected
Oracle | Http Server | 12.2.1.4.0 | - | Affected
Oracle | Instantis Enterprisetrack | 17.1 | - | Affected
Oracle | Instantis Enterprisetrack | 17.2 | - | Affected
Oracle | Instantis Enterprisetrack | 17.3 | - | Affected
Oracle | Secure Global Desktop | 5.6 | - | Affected
Oracle | Zfs Storage Appliance Kit | 8.8 | - | Affected
Siemens | Ruggedcom Nms | * | - | Affected
Siemens | Sinec Nms | < 1.0.3 | - | Affected
Siemens | Sinema Remote Connect Server | < 3.1 | - | Affected
Siemens | Sinema Remote Connect Server | 3.2 | - | Affected
Siemens | Sinema Server | 14.0 | - | Affected
Tenable | Tenable.sc | <= 5.19.1 | - | Affected