DEBIAN-CVE-2021-40438
PUBLISHED
CVSS 9 CRITICAL
A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Risk Scores
CVSS 3.1
9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Debian:12 | apache2 | 0, 0, 0 |
| Debian:11 | apache2 | *, 2.4.50-1, 2.4.50-1~deb11u1 |
| Debian:13 | apache2 | 0, 0, 0 |
| Debian:14 | apache2 | 0, 0, 0 |
Exploit Intelligence
- CVE-2021-40438 Apache <= 2.4.48 SSRF exploit (github-poc-repo)
- Apache <= 2.4.48 Mod_Proxy - Server-Side Request Forgery (github-poc-repo)
- Check Point Security Gateways RCE via CVE-2021-40438 (github-poc-repo)
- n0m-d/CVE-2021-40438-POC (github-poc-repo)
- n0m-d/CVE-2021-40438-POC (github-poc)
- Check Point Security Gateways RCE via CVE-2021-40438 (github-poc)
- Apache <= 2.4.48 Mod_Proxy - Server-Side Request Forgery (github-poc)
- CVE-2021-40438 Apache <= 2.4.48 SSRF exploit (github-poc)
- check CVE-2021-40438 (github-poc)
- Sigma-Rule-for-CVE-2021-40438-Attack-Attemp (github-poc)
…and 9 more exploits
Timeline
- Sep 16, 2021 CVE Published
- Apr 28, 2026 CVE Updated