Vulnerability Database

CVE-2021-40438

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

  • Published: Sep 16, 2021
  • Updated: Apr 14, 2023
  • CVE: CVE-2021-40438
  • Severity: Critical
  • Exploit:

CVSS v3:

  • Severity: Critical
  • Score: 9
  • AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

CVSS v2:

  • Severity: Medium
  • Score: 6.8
  • AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

| Software (vendor / product) | From | Fixed in |
|---|---|---|
| apache / http_server | - | 2.4.48.x |
| fedoraproject / fedora | 34 | 34.x |
| fedoraproject / fedora | 35 | 35.x |
| debian / debian_linux | 9.0 | 9.0.x |
| debian / debian_linux | 10.0 | 10.0.x |
| debian / debian_linux | 11.0 | 11.0.x |
| f5 / f5os | 1.1.0 | 1.1.4.x |
| f5 / f5os | 1.2.0 | 1.2.1.x |
| oracle / http_server | 12.2.1.3.0 | 12.2.1.3.0.x |
| oracle / instantis_enterprisetrack | 17.1 | 17.1.x |
| oracle / instantis_enterprisetrack | 17.2 | 17.2.x |
| oracle / instantis_enterprisetrack | 17.3 | 17.3.x |
| oracle / http_server | 12.2.1.4.0 | 12.2.1.4.0.x |
| oracle / enterprise_manager_ops_center | 12.4.0.0 | 12.4.0.0.x |
| oracle / zfs_storage_appliance_kit | 8.8 | 8.8.x |
| oracle / secure_global_desktop | 5.6 | 5.6.x |
| siemens / sinema_server | 14.0 | 14.0.x |
| siemens / sinema_remote_connect_server | - | 3.1 |
| siemens / ruggedcom_nms | - | - |
| siemens / sinec_nms | - | 1.0.3 |
| siemens / sinema_remote_connect_server | 3.2 | 3.2.x |
| tenable / tenable.sc | - | 5.19.1.x |
| resf / rocky_linux | 8.0 | 8.0.x |
| redhat / jboss_core_services | 1.0 | 1.0.x |
| redhat / software_collections | 1.0 | 1.0.x |
| redhat / enterprise_linux_server_aus | 7.2 | 7.2.x |
| redhat / enterprise_linux_workstation | 7.0 | 7.0.x |
| redhat / enterprise_linux_for_scientific_computing | 7.0 | 7.0.x |
| redhat / enterprise_linux_server | 7.0 | 7.0.x |
| redhat / enterprise_linux_for_power_little_endian | 7.0 | 7.0.x |
| redhat / enterprise_linux_for_power_big_endian | 7.0 | 7.0.x |
| redhat / enterprise_linux_eus | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_aus | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_tus | 8.2 | 8.2.x |
| redhat / enterprise_linux_eus | 8.1 | 8.1.x |
| redhat / enterprise_linux_server_aus | 7.7 | 7.7.x |
| redhat / enterprise_linux_server_aus | 7.6 | 7.6.x |
| redhat / enterprise_linux_server_aus | 7.4 | 7.4.x |
| redhat / enterprise_linux_server_aus | 7.3 | 7.3.x |
| redhat / enterprise_linux_server_tus | 7.7 | 7.7.x |
| redhat / enterprise_linux_server_tus | 7.6 | 7.6.x |
| redhat / enterprise_linux | 8.0 | 8.0.x |
| redhat / enterprise_linux_server_tus | 8.4 | 8.4.x |
| redhat / enterprise_linux_for_ibm_z_systems_eus_s390x | 8.2 | 8.2.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 8.2 | 8.2.x |
| redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.2 | 8.2.x |
| redhat / enterprise_linux_for_ibm_z_systems_eus | 8.1 | 8.1.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 8.1 | 8.1.x |
| redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.1 | 8.1.x |
| redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 7.6 | 7.6.x |
| redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 7.7 | 7.7.x |
| redhat / enterprise_linux_server_update_services_for_sap_solutions | 7.7 | 7.7.x |
| redhat / enterprise_linux_server_update_services_for_sap_solutions | 7.6 | 7.6.x |
| redhat / enterprise_linux_for_power_little_endian | 8.0 | 8.0.x |
| redhat / enterprise_linux_for_ibm_z_systems | 8.0 | 8.0.x |
| redhat / enterprise_linux_eus | 8.8 | 8.8.x |
| redhat / enterprise_linux_eus | 8.6 | 8.6.x |
| redhat / enterprise_linux_server_aus | 8.6 | 8.6.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 8.6 | 8.6.x |
| redhat / enterprise_linux_server_tus | 8.6 | 8.6.x |
| redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 | 8.6.x |
| redhat / enterprise_linux_server_tus | 8.8 | 8.8.x |
| redhat / enterprise_linux_eus | 8.4 | 8.4.x |
| redhat / enterprise_linux_for_ibm_z_systems_eus | 8.4 | 8.4.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 8.4 | 8.4.x |
| redhat / enterprise_linux_server_aus | 8.4 | 8.4.x |
| redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.4 | 8.4.x |
| redhat / enterprise_linux_update_services_for_sap_solutions | 8.2 | 8.2.x |
| redhat / enterprise_linux_update_services_for_sap_solutions | 8.1 | 8.1.x |
| redhat / enterprise_linux_for_ibm_z_systems | 7.0_s390x | 7.0_s390x.x |
| redhat / enterprise_linux_for_arm_64 | 8.0 | 8.0.x |
| redhat / enterprise_linux_for_ibm_z_systems_eus | 8.8 | 8.8.x |
| redhat / enterprise_linux_for_power_little_endian_eus | 8.8 | 8.8.x |
| redhat / enterprise_linux_for_arm_64_eus | 8.8 | 8.8.x |
| redhat / enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.8 | 8.8.x |
| redhat / enterprise_linux_update_services_for_sap_solutions | 8.8 | 8.8.x |
| redhat / enterprise_linux_for_arm_64_eus | 8.6 | 8.6.x |
| redhat / enterprise_linux_update_services_for_sap_solutions | 8.6 | 8.6.x |
| redhat / enterprise_linux_update_services_for_sap_solutions | 8.4 | 8.4.x |