ID

VAR-202109-1802


CVE

CVE-2021-40438


TITLE

Apache HTTP Server  Vulnerability in which a request is forwarded to a remote user's selected origin server in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004150

DESCRIPTION

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the REST service, which listens on TCP port 443 by default. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. The server is fast, reliable and extensible through a simple API. The vulnerability stems from the mod_proxy module failing to properly validate user input. For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6. For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: httpd24-httpd security update Advisory ID: RHSA-2021:3754-01 Product: Red Hat Software Collections Advisory URL: https://access.redhat.com/errata/RHSA-2021:3754 Issue date: 2021-10-11 CVE Names: CVE-2021-40438 ===================================================================== 1. Summary: An update for httpd24-httpd is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64le, s390x, x86_64 Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 3. Security Fix(es): * httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 2005117 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" 6. Package List: Red Hat Software Collections for Red Hat Enterprise Linux Server (v. 7): Source: httpd24-httpd-2.4.34-22.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.34-22.el7.1.noarch.rpm ppc64le: httpd24-httpd-2.4.34-22.el7.1.ppc64le.rpm httpd24-httpd-debuginfo-2.4.34-22.el7.1.ppc64le.rpm httpd24-httpd-devel-2.4.34-22.el7.1.ppc64le.rpm httpd24-httpd-tools-2.4.34-22.el7.1.ppc64le.rpm httpd24-mod_ldap-2.4.34-22.el7.1.ppc64le.rpm httpd24-mod_proxy_html-2.4.34-22.el7.1.ppc64le.rpm httpd24-mod_session-2.4.34-22.el7.1.ppc64le.rpm httpd24-mod_ssl-2.4.34-22.el7.1.ppc64le.rpm s390x: httpd24-httpd-2.4.34-22.el7.1.s390x.rpm httpd24-httpd-debuginfo-2.4.34-22.el7.1.s390x.rpm httpd24-httpd-devel-2.4.34-22.el7.1.s390x.rpm httpd24-httpd-tools-2.4.34-22.el7.1.s390x.rpm httpd24-mod_ldap-2.4.34-22.el7.1.s390x.rpm httpd24-mod_proxy_html-2.4.34-22.el7.1.s390x.rpm httpd24-mod_session-2.4.34-22.el7.1.s390x.rpm httpd24-mod_ssl-2.4.34-22.el7.1.s390x.rpm x86_64: httpd24-httpd-2.4.34-22.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-22.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-22.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-22.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-22.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-22.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-22.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-22.el7.1.x86_64.rpm Red Hat Software Collections for Red Hat Enterprise Linux Workstation (v. 7): Source: httpd24-httpd-2.4.34-22.el7.1.src.rpm noarch: httpd24-httpd-manual-2.4.34-22.el7.1.noarch.rpm x86_64: httpd24-httpd-2.4.34-22.el7.1.x86_64.rpm httpd24-httpd-debuginfo-2.4.34-22.el7.1.x86_64.rpm httpd24-httpd-devel-2.4.34-22.el7.1.x86_64.rpm httpd24-httpd-tools-2.4.34-22.el7.1.x86_64.rpm httpd24-mod_ldap-2.4.34-22.el7.1.x86_64.rpm httpd24-mod_proxy_html-2.4.34-22.el7.1.x86_64.rpm httpd24-mod_session-2.4.34-22.el7.1.x86_64.rpm httpd24-mod_ssl-2.4.34-22.el7.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-40438 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYWPv89zjgjWX9erEAQh+HQ/+Mr61mPjck8LrEO5IkIK9uLSTpa/x2hjl 1ZShE2Gq//o6v1tBdVShGwljtwhdxFpMUvzlPKc9ghi8KN5u9pd5cjPb3gFUWl+g WWL/6MMkxHx0YJXg9SpxTG0rWrys7dkfNUswm8guMP9MxHPwIorm+fwKqxSDIMPJ 3e36FwcdvH1seyhr41cwBFopt3gv805IUTiyg/Cjmt1NW7dX0SEfkrXh4SytqJwt doSOZx/x6R2jSJlTUhcTlwrUdSrNTH1y44E0AcZm7ADappGDmAhjNOKjcky0+WFt CqQYcqXk7qnszCy9sRPqJizpU6Vaumq8G+1Jra7WSiZufHa0ega56Q/P+x72j3Hv pq1DQGLNRJYj5/CLMYeNJFdabRabpiB8QK1xZXeL+3YsQmUCb1edcMi65jjeZc7i 2Wd6OuWrqWSaKWoXzqB5NWvhrnN8Ck4qqt4J5LfmqtK08vEdrDgHdqwpaysYzoVN RiMLoNHS307FTnOiaPNPGpSq2WYivdt7K6MIoeqtHovCbjpsmsXn9badpeQ+JB0U pbfJihFlNlkUrX/OSQANZRDvgeRItlew7IlUoh/6gFm5BRRBs6C4wXV+K4dndePO DP8hwdMn6vSivx4Cp4bBx65v8h8ZyWRlgSK6DLal28ri25dM4SM5V9BSpkfSyJiY rXVCHDHZrQY= =4XHG -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache HTTPD users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" All Apache HTTPD tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" References ========= [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-20 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . Refer to the Release Notes for information on the security fix included in this release. Solution: Before applying this update, make sure all previously released errata relevant to your system have been applied. ========================================================================== Ubuntu Security Notice USN-5090-3 September 28, 2021 apache2 regression ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: USN-5090-1 introduced a regression in Apache HTTP Server. One of the upstream fixes introduced a regression in UDS URIs. This update fixes the problem. Original advisory details: James Kettle discovered that the Apache HTTP Server HTTP/2 module incorrectly handled certain crafted methods. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. (CVE-2021-40438) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: apache2 2.4.46-4ubuntu1.3 apache2-bin 2.4.46-4ubuntu1.3 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.6 apache2-bin 2.4.41-4ubuntu3.6 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.18 apache2-bin 2.4.29-1ubuntu4.18 In general, a standard system update will make all the necessary changes

Trust: 3.69

sources: NVD: CVE-2021-40438 // JVNDB: JVNDB-2021-004150 // ZDI: ZDI-24-812 // CNVD: CNVD-2022-03224 // VULHUB: VHN-401786 // VULMON: CVE-2021-40438 // PACKETSTORM: 169132 // PACKETSTORM: 164493 // PACKETSTORM: 164505 // PACKETSTORM: 164460 // PACKETSTORM: 168072 // PACKETSTORM: 164448 // PACKETSTORM: 164329 // PACKETSTORM: 164318

IOT TAXONOMY

category:['Network device']sub_category: -

Trust: 0.6

sources: CNVD: CNVD-2022-03224

AFFECTED PRODUCTS

vendor:siemensmodel:sinema remote connect serverscope:ltversion:3.1

Trust: 1.0

vendor:netappmodel:cloud backupscope:eqversion: -

Trust: 1.0

vendor:f5model:f5osscope:gteversion:1.2.0

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:34

Trust: 1.0

vendor:fedoraprojectmodel:fedorascope:eqversion:35

Trust: 1.0

vendor:netappmodel:storagegridscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:11.0

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.3

Trust: 1.0

vendor:oraclemodel:secure global desktopscope:eqversion:5.6

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:siemensmodel:ruggedcom nmsscope:eqversion:*

Trust: 1.0

vendor:broadcommodel:brocade fabric operating systemscope:eqversion: -

Trust: 1.0

vendor:siemensmodel:sinema remote connect serverscope:eqversion:3.2

Trust: 1.0

vendor:netappmodel:clustered data ontapscope:eqversion: -

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:10.0

Trust: 1.0

vendor:apachemodel:http serverscope:lteversion:2.4.48

Trust: 1.0

vendor:oraclemodel:enterprise manager ops centerscope:eqversion:12.4.0.0

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.4.0

Trust: 1.0

vendor:siemensmodel:sinema serverscope:eqversion:14.0

Trust: 1.0

vendor:f5model:f5osscope:lteversion:1.1.4

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.1

Trust: 1.0

vendor:oraclemodel:zfs storage appliance kitscope:eqversion:8.8

Trust: 1.0

vendor:tenablemodel:tenable.scscope:lteversion:5.19.1

Trust: 1.0

vendor:f5model:f5osscope:lteversion:1.2.1

Trust: 1.0

vendor:oraclemodel:instantis enterprisetrackscope:eqversion:17.2

Trust: 1.0

vendor:f5model:f5osscope:gteversion:1.1.0

Trust: 1.0

vendor:siemensmodel:sinec nmsscope:ltversion:1.0.3

Trust: 1.0

vendor:oraclemodel:http serverscope:eqversion:12.2.1.3.0

Trust: 1.0

vendor:日立model:hitachi infrastructure analytics advisorscope: - version: -

Trust: 0.8

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:netappmodel:clustered data ontapscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center api configuration managerscope: - version: -

Trust: 0.8

vendor:apachemodel:http serverscope: - version: -

Trust: 0.8

vendor:f5model:f5osscope: - version: -

Trust: 0.8

vendor:netappmodel:storagegridscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:日立model:hitachi configuration managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi device managerscope: - version: -

Trust: 0.8

vendor:日立model:hitachi ops center analyzerscope: - version: -

Trust: 0.8

vendor:hewlett packardmodel:oneviewscope: - version: -

Trust: 0.7

vendor:apachemodel:http serverscope:lteversion:<=2.4.48

Trust: 0.6

sources: ZDI: ZDI-24-812 // CNVD: CNVD-2022-03224 // JVNDB: JVNDB-2021-004150 // NVD: CVE-2021-40438

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-40438
value: CRITICAL

Trust: 1.0

NVD: CVE-2021-40438
value: CRITICAL

Trust: 0.8

ZDI: CVE-2021-40438
value: HIGH

Trust: 0.7

CNVD: CNVD-2022-03224
value: MEDIUM

Trust: 0.6

VULHUB: VHN-401786
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-40438
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-40438
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

CNVD: CNVD-2022-03224
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.6

VULHUB: VHN-401786
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-40438
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.2
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-40438
baseSeverity: CRITICAL
baseScore: 9.0
vectorString: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: HIGH
privilegesRequired: NONE
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-40438
baseSeverity: HIGH
baseScore: 8.2
vectorString: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: LOW
availabilityImpact: NONE
exploitabilityScore: 3.9
impactScore: 4.2
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-24-812 // CNVD: CNVD-2022-03224 // VULHUB: VHN-401786 // VULMON: CVE-2021-40438 // JVNDB: JVNDB-2021-004150 // NVD: CVE-2021-40438

PROBLEMTYPE DATA

problemtype:CWE-918

Trust: 1.1

problemtype:Server-side request forgery (CWE-918) [NVD Evaluation ]

Trust: 0.8

sources: VULHUB: VHN-401786 // JVNDB: JVNDB-2021-004150 // NVD: CVE-2021-40438

THREAT TYPE

remote

Trust: 0.3

sources: PACKETSTORM: 168072 // PACKETSTORM: 164329 // PACKETSTORM: 164318

TYPE

arbitrary

Trust: 0.3

sources: PACKETSTORM: 169132 // PACKETSTORM: 164329 // PACKETSTORM: 164318

PATCH

title:hitachi-sec-2021-139url:https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 0.8

title:Hewlett Packard Enterprise has issued an update to correct this vulnerability.url:https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04586en_us&docLocale=en_US

Trust: 0.7

title:Patch for Apache HTTP Server mod_proxy server request forgery vulnerabilityurl:https://www.cnvd.org.cn/patchInfo/show/313356

Trust: 0.6

title:Red Hat: CVE-2021-40438url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-40438

Trust: 0.1

title:Debian Security Advisories: DSA-4982-1 apache2 -- security updateurl:https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=93a29f7ecf9a6aaba79d3b3320aa4b85

Trust: 0.1

title:Arch Linux Issues: url:https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-40438 log

Trust: 0.1

title:Hitachi Security Advisories: Vulnerability in Hitachi Command Suite, Hitachi Ops Center API Configuration Manager,Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzerurl:https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-139

Trust: 0.1

title:Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1url:https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-17

Trust: 0.1

title:Amazon Linux AMI: ALAS-2021-1543url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1543

Trust: 0.1

title:Amazon Linux 2: ALAS2-2021-1716url:https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1716

Trust: 0.1

title:Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021url:https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ

Trust: 0.1

title:CVE-2021-40438 exploit PoC with Docker setupurl:https://github.com/sixpacksecurity/CVE-2021-40438

Trust: 0.1

title:CVE-2021-40438url:https://github.com/gassara-kys/CVE-2021-40438

Trust: 0.1

title:CVE-2021-40438url:https://github.com/Kashkovsky/CVE-2021-40438

Trust: 0.1

title:scan_ssrf.shurl:https://github.com/vsh00t/BB-PoC

Trust: 0.1

title:CVE-2021-40438url:https://github.com/xiaojiangxl/CVE-2021-40438

Trust: 0.1

sources: ZDI: ZDI-24-812 // CNVD: CNVD-2022-03224 // VULMON: CVE-2021-40438 // JVNDB: JVNDB-2021-004150

EXTERNAL IDS

db:NVDid:CVE-2021-40438

Trust: 4.1

db:SIEMENSid:SSA-685781

Trust: 1.1

db:TENABLEid:TNS-2021-17

Trust: 1.1

db:JVNDBid:JVNDB-2021-004150

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-22691

Trust: 0.7

db:ZDIid:ZDI-24-812

Trust: 0.7

db:CNVDid:CNVD-2022-03224

Trust: 0.7

db:PACKETSTORMid:168072

Trust: 0.2

db:VULHUBid:VHN-401786

Trust: 0.1

db:VULMONid:CVE-2021-40438

Trust: 0.1

db:PACKETSTORMid:169132

Trust: 0.1

db:PACKETSTORMid:164493

Trust: 0.1

db:PACKETSTORMid:164505

Trust: 0.1

db:PACKETSTORMid:164460

Trust: 0.1

db:PACKETSTORMid:164448

Trust: 0.1

db:PACKETSTORMid:164329

Trust: 0.1

db:PACKETSTORMid:164318

Trust: 0.1

sources: ZDI: ZDI-24-812 // CNVD: CNVD-2022-03224 // VULHUB: VHN-401786 // VULMON: CVE-2021-40438 // JVNDB: JVNDB-2021-004150 // PACKETSTORM: 169132 // PACKETSTORM: 164493 // PACKETSTORM: 164505 // PACKETSTORM: 164460 // PACKETSTORM: 168072 // PACKETSTORM: 164448 // PACKETSTORM: 164329 // PACKETSTORM: 164318 // NVD: CVE-2021-40438

REFERENCES

url:https://nvd.nist.gov/vuln/detail/cve-2021-40438

Trust: 2.2

url:https://security.gentoo.org/glsa/202208-20

Trust: 1.2

url:https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf

Trust: 1.1

url:https://security.netapp.com/advisory/ntap-20211008-0004/

Trust: 1.1

url:https://www.tenable.com/security/tns-2021-17

Trust: 1.1

url:https://www.debian.org/security/2021/dsa-4982

Trust: 1.1

url:https://httpd.apache.org/security/vulnerabilities_24.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpuapr2022.html

Trust: 1.1

url:https://www.oracle.com/security-alerts/cpujan2022.html

Trust: 1.1

url:https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html

Trust: 1.1

url:https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3cbugs.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3cusers.httpd.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/

Trust: 1.0

url:https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3cusers.httpd.apache.org%3e

Trust: 1.0

url:https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/

Trust: 1.0

url:https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e

Trust: 1.0

url:https://support.hpe.com/hpesc/public/docdisplay?docid=hpesbgn04586en_us&doclocale=en_us

Trust: 0.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-36160

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-34798

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-39275

Trust: 0.4

url:https://listman.redhat.com/mailman/listinfo/rhsa-announce

Trust: 0.4

url:https://access.redhat.com/security/cve/cve-2021-40438

Trust: 0.4

url:https://access.redhat.com/security/updates/classification/#important

Trust: 0.4

url:https://access.redhat.com/articles/11258

Trust: 0.4

url:https://access.redhat.com/security/team/key/

Trust: 0.4

url:https://bugzilla.redhat.com/):

Trust: 0.4

url:https://access.redhat.com/security/team/contact/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-33193

Trust: 0.3

url:https://ubuntu.com/security/notices/usn-5090-1

Trust: 0.2

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/

Trust: 0.1

url:https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3cusers.httpd.apache.org%3e

Trust: 0.1

url:https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3cusers.httpd.apache.org%3e

Trust: 0.1

url:https://www.debian.org/security/faq

Trust: 0.1

url:https://www.debian.org/security/

Trust: 0.1

url:https://security-tracker.debian.org/tracker/apache2

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3816

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-26691

Trust: 0.1

url:https://access.redhat.com/security/cve/cve-2021-26691

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3836

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3754

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22721

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28614

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-31813

Trust: 0.1

url:https://bugs.gentoo.org.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-29404

Trust: 0.1

url:https://creativecommons.org/licenses/by-sa/2.5

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44790

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-28615

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30522

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-41524

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-44224

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22719

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-30556

Trust: 0.1

url:https://security.gentoo.org/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-42013

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-23943

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-22720

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2022-26377

Trust: 0.1

url:https://access.redhat.com/errata/rhsa-2021:3746

Trust: 0.1

url:https://launchpad.net/bugs/xxxxxx

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5090-4

Trust: 0.1

url:https://ubuntu.com/security/notices/usn-5090-3

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.6

Trust: 0.1

url:https://launchpad.net/bugs/1945311

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.18

Trust: 0.1

url:https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.3

Trust: 0.1

sources: ZDI: ZDI-24-812 // CNVD: CNVD-2022-03224 // VULHUB: VHN-401786 // JVNDB: JVNDB-2021-004150 // PACKETSTORM: 169132 // PACKETSTORM: 164493 // PACKETSTORM: 164505 // PACKETSTORM: 164460 // PACKETSTORM: 168072 // PACKETSTORM: 164448 // PACKETSTORM: 164329 // PACKETSTORM: 164318 // NVD: CVE-2021-40438

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-24-812

SOURCES

db:ZDIid:ZDI-24-812
db:CNVDid:CNVD-2022-03224
db:VULHUBid:VHN-401786
db:VULMONid:CVE-2021-40438
db:JVNDBid:JVNDB-2021-004150
db:PACKETSTORMid:169132
db:PACKETSTORMid:164493
db:PACKETSTORMid:164505
db:PACKETSTORMid:164460
db:PACKETSTORMid:168072
db:PACKETSTORMid:164448
db:PACKETSTORMid:164329
db:PACKETSTORMid:164318
db:NVDid:CVE-2021-40438

LAST UPDATE DATE

2024-12-23T21:14:10.912000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-24-812date:2024-08-15T00:00:00
db:CNVDid:CNVD-2022-03224date:2022-01-13T00:00:00
db:VULHUBid:VHN-401786date:2022-10-05T00:00:00
db:VULMONid:CVE-2021-40438date:2023-11-07T00:00:00
db:JVNDBid:JVNDB-2021-004150date:2021-11-16T05:31:00
db:NVDid:CVE-2021-40438date:2024-11-21T06:24:06.787

SOURCES RELEASE DATE

db:ZDIid:ZDI-24-812date:2024-06-18T00:00:00
db:CNVDid:CNVD-2022-03224date:2022-01-13T00:00:00
db:VULHUBid:VHN-401786date:2021-09-16T00:00:00
db:VULMONid:CVE-2021-40438date:2021-09-16T00:00:00
db:JVNDBid:JVNDB-2021-004150date:2021-11-16T00:00:00
db:PACKETSTORMid:169132date:2021-10-28T19:12:00
db:PACKETSTORMid:164493date:2021-10-13T14:52:48
db:PACKETSTORMid:164505date:2021-10-13T15:23:01
db:PACKETSTORMid:164460date:2021-10-11T14:23:47
db:PACKETSTORMid:168072date:2022-08-15T16:02:48
db:PACKETSTORMid:164448date:2021-10-08T15:22:49
db:PACKETSTORMid:164329date:2021-09-29T14:50:01
db:PACKETSTORMid:164318date:2021-09-28T15:23:06
db:NVDid:CVE-2021-40438date:2021-09-16T15:15:07.633