CVE-2021-40438 — CRITICAL (9.0)

Vulnerability Description

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CVSS Score

9.0

CRITICAL

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Resf	Rocky Linux	8.0
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux Eus	8.1
Redhat	Enterprise Linux For Arm 64	8.0
Redhat	Enterprise Linux For Arm 64 Eus	8.6
Redhat	Enterprise Linux For Ibm Z Systems	7.0_s390x
Redhat	Enterprise Linux For Ibm Z Systems Eus	8.1
Redhat	Enterprise Linux For Ibm Z Systems Eus S390X	8.2
Redhat	Enterprise Linux For Power Big Endian	7.0
Redhat	Enterprise Linux For Power Little Endian	7.0
Redhat	Enterprise Linux For Power Little Endian Eus	8.1
Redhat	Enterprise Linux For Scientific Computing	7.0
Redhat	Enterprise Linux Server	7.0
Redhat	Enterprise Linux Server Aus	7.2
Redhat	Enterprise Linux Server For Power Little Endian Update Services For Sap Solutions	7.6
Redhat	Enterprise Linux Server Tus	7.6
Redhat	Enterprise Linux Server Update Services For Sap Solutions	7.6
Redhat	Enterprise Linux Update Services For Sap Solutions	8.1
Redhat	Enterprise Linux Workstation	7.0
Redhat	Jboss Core Services	1.0

Related Weaknesses (CWE)

CWE-918

References

https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdfThird Party Advisory
https://httpd.apache.org/security/vulnerabilities_24.htmlRelease NotesVendor Advisory
https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e8494Mailing List
https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d1104379Mailing List
https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a14Mailing List
https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156Mailing List
https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b318Mailing List
https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33cMailing List
https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a78899778565Mailing List
https://lists.debian.org/debian-lts-announce/2021/10/msg00001.htmlMailing ListThird Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproRelease Notes
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproRelease Notes
https://security.gentoo.org/glsa/202208-20Third Party Advisory
https://security.netapp.com/advisory/ntap-20211008-0004/Third Party Advisory
https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aBroken LinkThird Party Advisory

FAQ

What is CVE-2021-40438?

CVE-2021-40438 is a vulnerability with a CVSS score of 9.0 (CRITICAL). A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

How severe is CVE-2021-40438?

CVE-2021-40438 has been rated CRITICAL with a CVSS base score of 9.0/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2021-40438?

Check the references section above for vendor advisories and patch information. Affected products include: Resf Rocky Linux, Redhat Enterprise Linux, Redhat Enterprise Linux Eus, Redhat Enterprise Linux For Arm 64, Redhat Enterprise Linux For Arm 64 Eus.