CVE-2021-40438

Опубликовано: 16 сент. 2021

Источник: ubuntu

Приоритет: medium

EPSS Критический

CVSS2: 6.8

CVSS3: 9

Описание

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Релиз	Статус	Примечание
bionic	released	2.4.29-1ubuntu4.18
devel	released	2.4.48-3.1ubuntu2
esm-infra-legacy/trusty	not-affected	code not present
esm-infra/bionic	released	2.4.29-1ubuntu4.18
esm-infra/focal	released	2.4.41-4ubuntu3.6
esm-infra/xenial	released	2.4.18-2ubuntu3.17+esm3
focal	released	2.4.41-4ubuntu3.6
hirsute	released	2.4.46-4ubuntu1.3
impish	released	2.4.48-3.1ubuntu2
jammy	released	2.4.48-3.1ubuntu2

Показывать по

Ссылки на источники

EPSS

Процентиль: 100%

0.94432

Критический

6.8 Medium

CVSS2

9 Critical

CVSS3

Связанные уязвимости

CVE-2021-40438

CVSS3: 9

redhat

около 4 лет назад

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-40438

CVSS3: 9

nvd

около 4 лет назад

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVE-2021-40438

CVSS3: 9

msrc

около 4 лет назад

mod_proxy SSRF

CVE-2021-40438

CVSS3: 9

debian

около 4 лет назад

A crafted request uri-path can cause mod_proxy to forward the request ...

GHSA-rwxq-58vm-3v2j

CVSS3: 9

github

больше 3 лет назад

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

EPSS

Процентиль: 100%

0.94432

Критический

6.8 Medium

CVSS2

9 Critical

CVSS3

CVE-2021-40438

Описание

Пакет apache2

Ссылки на источники

Связанные уязвимости