Vulnerability: Remote User-Selected Origin Server Forwarding in Apache HTTP Server

Vulnerability: Remote User-Selected Origin Server Forwarding in Apache HTTP Server

CVE-2021-40438 · CRITICAL Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Learn more about our Cis Benchmark Audit For Apache Http Server.