Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

Apache

Source -

CISA

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

1

NVD CVEs -

0
Related CVEsRelated VendorsRelated AssignersReports
1Vulnerabilities found
CVE-2021-40438
Assigner-Apache Software Foundation
ShareView Details
Assigner-Apache Software Foundation
CVSS Score-9||CRITICAL
EPSS-94.43% / 99.99%
||
7 Day CHG~0.00%
Published-16 Sep, 2021 | 14:40
Updated-27 Oct, 2025 | 17:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Known KEV||Action Due Date - 2021-12-15||Apply updates per vendor instructions.
mod_proxy SSRF

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Action-Not Available
Vendor-resfOracle CorporationNetApp, Inc.Siemens AGRed Hat, Inc.Broadcom Inc.F5, Inc.The Apache Software FoundationTenable, Inc.Debian GNU/LinuxFedora Project
Product-enterprise_linux_for_ibm_z_systemsenterprise_linux_server_update_services_for_sap_solutionsjboss_core_servicesinstantis_enterprisetrackenterprise_linux_serversinema_serversinema_remote_connect_serversinec_nmstenable.sccloud_backupzfs_storage_appliance_kitsecure_global_desktopruggedcom_nmssoftware_collectionsdebian_linuxenterprise_linux_update_services_for_sap_solutionsenterprise_linux_for_power_little_endian_eusenterprise_linux_for_ibm_z_systems_eusenterprise_linux_for_power_big_endianenterprise_linux_for_arm_64clustered_data_ontapenterprise_linux_server_for_power_little_endian_update_services_for_sap_solutionsf5osenterprise_linuxenterprise_linux_eusenterprise_linux_for_ibm_z_systems_eus_s390xenterprise_linux_for_power_little_endianbrocade_fabric_operating_system_firmwareenterprise_manager_ops_centerenterprise_linux_for_arm_64_eushttp_serverrocky_linuxenterprise_linux_server_workstationenterprise_linux_server_ausenterprise_linux_server_tusfedoraenterprise_linux_for_scientific_computingenterprise_linux_workstationstoragegridApache HTTP ServerApache
CWE ID-CWE-918
Server-Side Request Forgery (SSRF)