{"containers": {"cna": {"affected": [{"product": "Apache HTTP Server", "vendor": "Apache Software Foundation", "versions": [{"lessThanOrEqual": "2.4.48", "status": "affected", "version": "Apache HTTP Server 2.4", "versionType": "custom"}]}], "credits": [{"lang": "en", "value": "The issue was discovered by the Apache HTTP security team while analysing CVE-2021-36160"}], "descriptions": [{"lang": "en", "value": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier."}], "metrics": [{"other": {"content": {"other": "high"}, "type": "unknown"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-918", "description": "CWE-918 Server Side Request Forgery (SSRF)", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-14T01:07:57", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"name": "FEDORA-2021-dce7e7738e", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"}, {"name": "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"}, {"name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"}, {"name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"}, {"name": "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"}, {"name": "FEDORA-2021-e3f6dd670d", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"}, {"name": "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"}, {"name": "[httpd-bugs] 20211008 [Bug 65616] CVE-2021-36160 regression", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E"}, {"name": "DSA-4982", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4982"}, {"name": "[httpd-users] 20211019 [users@httpd] Regarding CVE-2021-40438", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E"}, {"name": "[httpd-users] 20211019 Re: [users@httpd] Regarding CVE-2021-40438", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E"}, {"name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021", "tags": ["vendor-advisory", "x_refsource_CISCO"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.tenable.com/security/tns-2021-17"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://security.netapp.com/advisory/ntap-20211008-0004/"}, {"tags": ["x_refsource_MISC"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"}, {"name": "GLSA-202208-20", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/202208-20"}], "source": {"discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2021-09-16T00:00:00", "value": "2.4.49 released"}], "title": "mod_proxy SSRF", "x_generator": {"engine": "Vulnogram 0.0.9"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "ID": "CVE-2021-40438", "STATE": "PUBLIC", "TITLE": "mod_proxy SSRF"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache HTTP Server", "version": {"version_data": [{"version_affected": "<=", "version_name": "Apache HTTP Server 2.4", "version_value": "2.4.48"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "credit": [{"lang": "eng", "value": "The issue was discovered by the Apache HTTP security team while analysing CVE-2021-36160"}], "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier."}]}, "generator": {"engine": "Vulnogram 0.0.9"}, "impact": [{"other": "high"}], "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-918 Server Side Request Forgery (SSRF)"}]}]}, "references": {"reference_data": [{"name": "https://httpd.apache.org/security/vulnerabilities_24.html", "refsource": "MISC", "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"name": "FEDORA-2021-dce7e7738e", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"}, {"name": "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3Cusers.httpd.apache.org%3E"}, {"name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3Cusers.httpd.apache.org%3E"}, {"name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3Cusers.httpd.apache.org%3E"}, {"name": "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3Cusers.httpd.apache.org%3E"}, {"name": "FEDORA-2021-e3f6dd670d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"}, {"name": "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update", "refsource": "MLIST", "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"}, {"name": "[httpd-bugs] 20211008 [Bug 65616] CVE-2021-36160 regression", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3Cbugs.httpd.apache.org%3E"}, {"name": "DSA-4982", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4982"}, {"name": "[httpd-users] 20211019 [users@httpd] Regarding CVE-2021-40438", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3Cusers.httpd.apache.org%3E"}, {"name": "[httpd-users] 20211019 Re: [users@httpd] Regarding CVE-2021-40438", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3Cusers.httpd.apache.org%3E"}, {"name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021", "refsource": "CISCO", "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"}, {"name": "https://www.oracle.com/security-alerts/cpujan2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"name": "https://www.tenable.com/security/tns-2021-17", "refsource": "CONFIRM", "url": "https://www.tenable.com/security/tns-2021-17"}, {"name": "https://security.netapp.com/advisory/ntap-20211008-0004/", "refsource": "CONFIRM", "url": "https://security.netapp.com/advisory/ntap-20211008-0004/"}, {"name": "https://www.oracle.com/security-alerts/cpuapr2022.html", "refsource": "MISC", "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"name": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf", "refsource": "CONFIRM", "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"}, {"name": "GLSA-202208-20", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/202208-20"}]}, "source": {"discovery": "UNKNOWN"}, "timeline": [{"lang": "en", "time": "2021-09-16T00:00:00", "value": "2.4.49 released"}]}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:44:10.131Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"name": "FEDORA-2021-dce7e7738e", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"}, {"name": "[httpd-users] 20210923 [users@httpd] 2.4.49 security fixes: more info", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"}, {"name": "[httpd-users] 20210923 Re: [users@httpd] 2.4.49 security fixes: more info", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"}, {"name": "[httpd-users] 20210923 [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"}, {"name": "[httpd-users] 20210923 Re: [users@httpd] Re: [External] : [users@httpd] 2.4.49 security fixes: more info", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"}, {"name": "FEDORA-2021-e3f6dd670d", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"}, {"name": "[debian-lts-announce] 20211002 [SECURITY] [DLA 2776-1] apache2 security update", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"}, {"name": "[httpd-bugs] 20211008 [Bug 65616] CVE-2021-36160 regression", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E"}, {"name": "DSA-4982", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4982"}, {"name": "[httpd-users] 20211019 [users@httpd] Regarding CVE-2021-40438", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E"}, {"name": "[httpd-users] 20211019 Re: [users@httpd] Regarding CVE-2021-40438", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E"}, {"name": "20211124 Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021", "tags": ["vendor-advisory", "x_refsource_CISCO", "x_transferred"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.tenable.com/security/tns-2021-17"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://security.netapp.com/advisory/ntap-20211008-0004/"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"}, {"name": "GLSA-202208-20", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/202208-20"}]}]}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2021-40438", "datePublished": "2021-09-16T14:40:23", "dateReserved": "2021-09-02T00:00:00", "dateUpdated": "2024-08-04T02:44:10.131Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"cisaActionDue": "2021-12-15", "cisaExploitAdd": "2021-12-01", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apache HTTP Server-Side Request Forgery (SSRF)", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "1691C7CE-5CDA-4B9A-854E-3B58C1115526", "versionEndIncluding": "2.4.48", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*", "matchCriteriaId": "5C2089EE-5D7F-47EC-8EA5-0F69790564C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*", "matchCriteriaId": "1FE996B1-6951-4F85-AA58-B99A379D2163", "vulnerable": true}, {"criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40", "vulnerable": true}, {"criteria": "cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*", "matchCriteriaId": "B2748912-FC54-47F6-8C0C-B96784765B8E", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:f5:f5os:*:*:*:*:*:*:*:*", "matchCriteriaId": "80A2EFAB-4D06-4254-B2FE-5D1F84BDFD3A", "versionEndIncluding": "1.1.4", "versionStartIncluding": "1.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:f5:f5os:*:*:*:*:*:*:*:*", "matchCriteriaId": "DBACFB6F-D57E-4ECA-81BB-9388E64F7DF3", "versionEndIncluding": "1.2.1", "versionStartIncluding": "1.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B095CC03-7077-4A58-AB25-CC5380CDCE5A", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*", "matchCriteriaId": "DFC79B17-E9D2-44D5-93ED-2F959E7A3D43", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*", "matchCriteriaId": "AD04BEE5-E9A8-4584-A68C-0195CE9C402C", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*", "matchCriteriaId": "82EA4BA7-C38B-4AF3-8914-9E3D089EBDD4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*", "matchCriteriaId": "B9C9BC66-FA5F-4774-9BDA-7AB88E2839C4", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*", "matchCriteriaId": "7F69B9A5-F21B-4904-9F27-95C0F7A628E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*", "matchCriteriaId": "9DA11710-9EA8-49B4-8FD1-3AEE442F6ADC", "vulnerable": true}, {"criteria": "cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*", "matchCriteriaId": "D3E503FB-6279-4D4A-91D8-E237ECF9D2B0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:siemens:ruggedcom_nms:*:*:*:*:*:*:*:*", "matchCriteriaId": "414A7F48-EFA5-4D86-9F8D-5A179A6CFC39", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*", "matchCriteriaId": "BEF5E6CF-BBA5-4CCF-ACB1-BEF8D2C372B8", "versionEndExcluding": "1.0.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*", "matchCriteriaId": "98CC9C9A-FE14-4D50-A8EC-C309229356C8", "versionEndExcluding": "3.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:*:*:*:*:*:*:*", "matchCriteriaId": "D889831F-64D0-428A-A26C-71152C3B9974", "vulnerable": true}, {"criteria": "cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*", "matchCriteriaId": "B0A5CC25-A323-4D49-8989-5A417D12D646", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*", "matchCriteriaId": "A686FAF0-1383-4BBB-B7F5-CBCCAB55B356", "versionEndIncluding": "5.19.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier."}, {"lang": "es", "value": "Un uri-path dise\u00f1ado puede causar que mod_proxy reenv\u00ede la petici\u00f3n a un servidor de origen elegido por el usuario remoto. Este problema afecta a Apache HTTP Server versiones 2.4.48 y anteriores"}], "id": "CVE-2021-40438", "lastModified": "2024-07-24T17:08:07.093", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-16T15:15:07.633", "references": [{"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf"}, {"source": "security@apache.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://httpd.apache.org/security/vulnerabilities_24.html"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3Cusers.httpd.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3Cbugs.httpd.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3Cusers.httpd.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3Cusers.httpd.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3Cusers.httpd.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3Cusers.httpd.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List"], "url": "https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3Cusers.httpd.apache.org%3E"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html"}, {"source": "security@apache.org", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/"}, {"source": "security@apache.org", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202208-20"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20211008-0004/"}, {"source": "security@apache.org", "tags": ["Broken Link", "Third Party Advisory"], "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ"}, {"source": "security@apache.org", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4982"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpuapr2022.html"}, {"source": "security@apache.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://www.oracle.com/security-alerts/cpujan2022.html"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://www.tenable.com/security/tns-2021-17"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-918"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-918"}], "source": "security@apache.org", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2021:3746", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-httpd-0:2.4.37-76.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-10-07T00:00:00Z"}, {"advisory": "RHSA-2021:3746", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.16-7.Final_redhat_2.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-10-07T00:00:00Z"}, {"advisory": "RHSA-2021:3746", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_http2-0:1.15.7-19.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-10-07T00:00:00Z"}, {"advisory": "RHSA-2021:3746", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_jk-0:1.2.48-18.redhat_1.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-10-07T00:00:00Z"}, {"advisory": "RHSA-2021:3746", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_md-1:2.0.8-38.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-10-07T00:00:00Z"}, {"advisory": "RHSA-2021:3746", "cpe": "cpe:/a:redhat:jboss_core_services:1::el8", "package": "jbcs-httpd24-mod_security-0:2.9.2-65.GA.el8jbcs", "product_name": "JBoss Core Services for RHEL 8", "release_date": "2021-10-07T00:00:00Z"}, {"advisory": "RHSA-2021:3746", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-httpd-0:2.4.37-76.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-10-07T00:00:00Z"}, {"advisory": "RHSA-2021:3746", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_cluster-native-0:1.3.16-7.Final_redhat_2.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-10-07T00:00:00Z"}, {"advisory": "RHSA-2021:3746", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_http2-0:1.15.7-19.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-10-07T00:00:00Z"}, {"advisory": "RHSA-2021:3746", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_jk-0:1.2.48-18.redhat_1.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-10-07T00:00:00Z"}, {"advisory": "RHSA-2021:3746", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_md-1:2.0.8-38.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-10-07T00:00:00Z"}, {"advisory": "RHSA-2021:3746", "cpe": "cpe:/a:redhat:jboss_core_services:1::el7", "package": "jbcs-httpd24-mod_security-0:2.9.2-65.GA.jbcs.el7", "product_name": "JBoss Core Services on RHEL 7", "release_date": "2021-10-07T00:00:00Z"}, {"advisory": "RHSA-2021:3856", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "httpd-0:2.4.6-97.el7_9.1", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3856", "cpe": "cpe:/o:redhat:rhel_aus:7.2", "package": "httpd-0:2.4.6-40.el7_2.7", "product_name": "Red Hat Enterprise Linux 7.2 Advanced Update Support", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3856", "cpe": "cpe:/o:redhat:rhel_aus:7.3", "package": "httpd-0:2.4.6-45.el7_3.6", "product_name": "Red Hat Enterprise Linux 7.3 Advanced Update Support", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3856", "cpe": "cpe:/o:redhat:rhel_aus:7.4", "package": "httpd-0:2.4.6-67.el7_4.7", "product_name": "Red Hat Enterprise Linux 7.4 Advanced Update Support", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3856", "cpe": "cpe:/o:redhat:rhel_aus:7.6", "package": "httpd-0:2.4.6-89.el7_6.2", "product_name": "Red Hat Enterprise Linux 7.6 Advanced Update Support", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3856", "cpe": "cpe:/o:redhat:rhel_tus:7.6", "package": "httpd-0:2.4.6-89.el7_6.2", "product_name": "Red Hat Enterprise Linux 7.6 Telco Extended Update Support", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3856", "cpe": "cpe:/o:redhat:rhel_e4s:7.6", "package": "httpd-0:2.4.6-89.el7_6.2", "product_name": "Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3856", "cpe": "cpe:/o:redhat:rhel_aus:7.7", "package": "httpd-0:2.4.6-90.el7_7.1", "product_name": "Red Hat Enterprise Linux 7.7 Advanced Update Support", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3856", "cpe": "cpe:/o:redhat:rhel_tus:7.7", "package": "httpd-0:2.4.6-90.el7_7.1", "product_name": "Red Hat Enterprise Linux 7.7 Telco Extended Update Support", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3856", "cpe": "cpe:/o:redhat:rhel_e4s:7.7", "package": "httpd-0:2.4.6-90.el7_7.1", "product_name": "Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions", "release_date": "2021-10-14T00:00:00Z"}, {"advisory": "RHSA-2021:3816", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "httpd:2.4-8040020211008164252.522a0ee4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-10-12T00:00:00Z"}, {"advisory": "RHSA-2021:3837", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "httpd:2.4-8010020211008125020.c27ad7f8", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-10-13T00:00:00Z"}, {"advisory": "RHSA-2021:3836", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "httpd:2.4-8020020211008164029.4cda2c84", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2021-10-13T00:00:00Z"}, {"advisory": "RHSA-2021:3745", "cpe": "cpe:/a:redhat:jboss_core_services:1", "package": "jbcs-httpd24-httpd", "product_name": "Red Hat JBoss Core Services 1", "release_date": "2021-10-07T00:00:00Z"}, {"advisory": "RHSA-2021:3754", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "httpd24-httpd-0:2.4.34-22.el7.1", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2021-10-11T00:00:00Z"}], "bugzilla": {"description": "httpd: mod_proxy: SSRF via a crafted request uri-path containing \"unix:\"", "id": "2005117", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2005117"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-918", "details": ["A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.", "A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and inaccessible otherwise. The impact of this flaw varies based on what services and resources are available on the httpd network."], "mitigation": {"lang": "en:us", "value": "Red Hat has investigated whether a possible mitigation exists for this issue, and has not been able to identify a practical example. Please update the affected package as soon as possible."}, "name": "CVE-2021-40438", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_application_platform:6", "fix_state": "Not affected", "package_name": "httpd", "product_name": "Red Hat JBoss Enterprise Application Platform 6"}], "public_date": "2021-09-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-40438\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-40438\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "Impact of the flaw set to Important because the actions an attacker can do varies a lot based on the kind of infrastructure in place, the kind of internal services and resources, and the available endpoints on those services. The attacker should also perform some kind of target-specific reconnaissance in order to find out all the above information.\nThe version of httpd as shipped in Red Hat Enterprise Linux 7 is affected by this flaw even if the upstream code was not, because the Unix Domain Socket support required to trigger the flaw was backported.\nThe version of httpd as shipped in Red hat Enterprise Linux 6 is not affected by this flaw because there is no support for Unix Domain Socket.\nThe flaw can be triggered only if mod_proxy is in use (e.g. ProxyPass, ReverseProxy is used in the httpd configuration files).", "threat_severity": "Important", "upstream_fix": "httpd 2.4.49"}