Description
A crafted request URI path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. It allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could read, modify, or delete resources on other services that may sit behind a firewall and be unreachable otherwise. The impact depends on which services and resources are reachable from the httpd host.
Statement
The impact of this flaw is rated Important because what an attacker can do varies a great deal with the infrastructure in place: the internal services and resources reachable from the httpd host and the endpoints those services expose. The attacker must also carry out target-specific reconnaissance to discover that information. The version of httpd shipped in Red Hat Enterprise Linux 7 is affected even though the corresponding upstream release was not, because the Unix Domain Socket support required to trigger the flaw was backported into it. The version of httpd shipped in Red Hat Enterprise Linux 6 is not affected because it has no Unix Domain Socket support. The flaw can be triggered only if mod_proxy is in use (e.g. ProxyPass or ProxyPassReverse directives in the httpd configuration files).
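The statement gives two preconditions a practitioner can check on a host: an upstream version in the advisory's range (2.4.48 and earlier) and mod_proxy actually routing requests. The following triage script is an added example, not Red Hat's or the httpd project's own tooling; it parses an `httpd -v` banner and a configuration text for those two signals. The banner and configuration fragment are constructed sample input, and the `backend.internal` host name is made up.

```python
"""Triage helper: does this httpd host meet the advisory's preconditions?

Added example, not Red Hat's tooling. It checks the two conditions the advisory
states: an upstream version of 2.4.48 or earlier, and mod_proxy actually in use
(ProxyPass-style directives). Distro builds still need the errata check, since
RHEL 7's 2.4.6 is affected through a backport while RHEL 6's 2.2 is not.
"""
import re
from typing import Dict, List, Optional, Tuple

Version = Tuple[int, int, int]

# Upper bound of the upstream range quoted in the advisory.
AFFECTED_MAX: Version = (2, 4, 48)

# Directives that route client requests through mod_proxy. The advisory names
# ProxyPass and ProxyPassReverse; ProxyPassMatch and ProxyRequests (forward
# proxying) are the other configuration entry points into mod_proxy.
PROXY_DIRECTIVES = {"proxypass", "proxypassmatch", "proxypassreverse", "proxyrequests"}


def parse_httpd_version(banner: str) -> Optional[Version]:
    """Pull (major, minor, patch) out of `httpd -v` output or a Server header."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)", banner)
    if not m:
        return None
    major, minor, patch = (int(g) for g in m.groups())
    return (major, minor, patch)


def upstream_version_in_affected_range(version: Version) -> bool:
    """Coarse first cut only: the advisory's '2.4.48 and earlier'."""
    return version <= AFFECTED_MAX


def find_proxy_usage(config_text: str) -> Dict[str, object]:
    """Scan an httpd configuration for mod_proxy being loaded and used.

    Comment lines are skipped; `ProxyRequests Off` is the default and does not
    count as usage. Include directives are not followed, so concatenate every
    file you want checked before calling this.
    """
    loaded = False
    hits: List[Tuple[int, str]] = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        directive = parts[0].lower()
        value = parts[1].strip() if len(parts) > 1 else ""
        if directive == "loadmodule" and value.startswith("proxy_module"):
            loaded = True
        elif directive in PROXY_DIRECTIVES:
            if directive == "proxyrequests" and value.lower() == "off":
                continue
            hits.append((lineno, line))
    return {"mod_proxy_loaded": loaded, "proxy_directives": hits}


def triage(banner: str, config_text: str) -> Dict[str, object]:
    """Combine both preconditions into one verdict."""
    version = parse_httpd_version(banner)
    usage = find_proxy_usage(config_text)
    in_range = version is not None and upstream_version_in_affected_range(version)
    return {
        "version": version,
        "version_in_range": in_range,
        "mod_proxy_loaded": usage["mod_proxy_loaded"],
        "proxy_directives": usage["proxy_directives"],
        # Per the advisory: version in range AND mod_proxy in use.
        "needs_attention": in_range and bool(usage["proxy_directives"]),
    }


# Constructed sample input (not a real host): an RHEL 7 style banner and a
# reverse-proxy fragment pointing at a made-up backend host.
SAMPLE_BANNER = "Server version: Apache/2.4.6 (Red Hat Enterprise Linux)"
SAMPLE_CONFIG = """# constructed httpd.conf fragment
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
ProxyRequests Off
<Location /app>
    ProxyPass http://backend.internal:8080/app
    ProxyPassReverse http://backend.internal:8080/app
</Location>
"""

if __name__ == "__main__":
    result = triage(SAMPLE_BANNER, SAMPLE_CONFIG)
    print(f"httpd {'.'.join(map(str, result['version']))}: "
          f"in upstream affected range = {result['version_in_range']}")
    for lineno, line in result["proxy_directives"]:
        print(f"  line {lineno}: {line}")
    print("needs attention:", result["needs_attention"])
```

The version check is deliberately only a first cut: as the statement above explains, a distro build can be affected at a version number upstream never was, so on Red Hat systems the errata listed under the affected packages is the authoritative test. `httpd -M` is the reliable way to confirm whether proxy_module is actually loaded at runtime, and the directive scan is there to answer the "is mod_proxy in use" question the statement hinges on.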
Mitigation
Red Hat has investigated whether a practical mitigation exists for this issue and has not been able to identify one. Update the affected package as soon as possible.
Affected packages
Platform | Package | State | Advisory | Released |
---|---|---|---|---|
Red Hat Enterprise Linux 6 | httpd | Not affected | | |
Red Hat Enterprise Linux 9 | httpd | Not affected | | |
Red Hat JBoss Enterprise Application Platform 6 | httpd | Not affected | | |
JBoss Core Services for RHEL 8 | jbcs-httpd24-httpd | Fixed | RHSA-2021:3746 | 2021-10-07 |
JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_cluster-native | Fixed | RHSA-2021:3746 | 2021-10-07 |
JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_http2 | Fixed | RHSA-2021:3746 | 2021-10-07 |
JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_jk | Fixed | RHSA-2021:3746 | 2021-10-07 |
JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_md | Fixed | RHSA-2021:3746 | 2021-10-07 |
JBoss Core Services for RHEL 8 | jbcs-httpd24-mod_security | Fixed | RHSA-2021:3746 | 2021-10-07 |
JBoss Core Services on RHEL 7 | jbcs-httpd24-httpd | Fixed | RHSA-2021:3746 | 2021-10-07 |
Additional information
CVSS3 base score: 9 (Critical)