VDB

DEBIAN-CVE-2021-40438

DEBIAN-CVE-2021-40438 PUBLISHED CVSS 9 CRITICAL

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Risk Scores

CVSS 3.1
9
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Affected Products

VendorProductVersions
Debian:12apache20, 0, 0
Debian:11apache2*, 2.4.50-1, 2.4.50-1~deb11u1
Debian:13apache20, 0, 0
Debian:14apache20, 0, 0

Timeline

  • Sep 16, 2021 CVE Published
  • Apr 28, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›