Exploit for Apache <= 2.4.48 Mod_Proxy - Server-Side Request Forgery (CVE-2021-40438)

Description:

Apache HTTP Server 2.4.48 and earlier contain an issue where a crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user.

Nuclei Template

View the template here CVE-2021-40438.yaml

Validate with Nuclei

echo "$URL" | nuclei -t ~/nuclei-templates/http/cves/2021/CVE-2021-40438.yaml

References:

https://firzen.de/building-a-poc-for-cve-2021-40438
https://nvd.nist.gov/vuln/detail/CVE-2021-40438
https://httpd.apache.org/security/vulnerabilities_24.html
https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3Cusers.httpd.apache.org%3E
https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf