CVE-2021-40438CISA KEV: Actively Exploited

Apache HTTP Server-Side Request Forgery (SSRF)

Published Dec 1, 2021·Updated Dec 1, 2021

Description

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Public Exploits & PoCs11 found

PoC: CVE-2021-40438

CVE-2021-40438 exploit PoC with Docker setup.

9

PoC: CVE-2021-40438

Apache forward request CVE

2

PoC: check-point-gateways-rce

Check Point Security Gateways RCE via CVE-2021-40438

1

PoC: Sigma-Rule-for-CVE-2021-40438-exploitation-attempt

Sigma-Rule-for-CVE-2021-40438-Attack-Attemp

1

PoC: check-point-gateways-rce

Check Point Security Gateways RCE via CVE-2021-40438

PoC: CVE-2021-40438

Apache <= 2.4.48 Mod_Proxy - Server-Side Request Forgery

PoC: CVE-2021-40438-Apache-2.4.48-SSRF-exploit

CVE-2021-40438 Apache <= 2.4.48 SSRF exploit

PoC: CVE-2021-40438_Docker_2

Second one for web vulnerability (FYP Project, for own use only)

PoC: CVE-2021-40438_Docker

An Application Server Docker build for CVE-2021-40438

PoC: CVE-2021-40438

check CVE-2021-40438

PoC: apache-cve-poc

Dockerized Proof-of-Concept of CVE-2021-40438 in Apache 2.4.48.

References

View on NVD Search GitHub Search Google

Get alerted for CVEs like this

Register your stack and get notified within minutes when a matching CVE drops.

Start monitoring free