CVE-2021-40438
Description
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
NVD
Severity: CRITICAL
CVE ID: CVE-2021-40438
CVSS Score: 9.0
CVSS Metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Proof Of Concept
Nuclei Templates for CVE-2021-40438
Refrence: Project Discovery GitHub
xiaojiangxl
Refrence: GitHub
sixpacksecurity
CVE-2021-40438 exploit PoC with Docker setup.
Refrence: GitHub
BabyTeam1024
Refrence: GitHub
ericmann
Dockerized Proof-of-Concept of CVE-2021-40438 in Apache 2.4.48.
Refrence: GitHub
pisut4152
Sigma-Rule-for-CVE-2021-40438-Attack-Attemp
Refrence: GitHub
Kashkovsky
Apache forward request CVE
Refrence: GitHub
gassara-kys
check CVE-2021-40438
Refrence: GitHub
sergiovks
CVE-2021-40438 Apache <= 2.4.48 SSRF exploit
Refrence: GitHub