CVE-2021-40438
Apache HTTP Server-Side Request Forgery (SSRF)
CVSS
—
No CVSS
EPSS
100.0%
p100
KEV
YES
Dec 1, 2021
Exploit Today
80
0-100
Published: — · Last modified: —
100.0%EPSS · 30 days100.0%
2026-06-302026-07-16
Product
Apache / Apache
Vulnerability
Apache HTTP Server-Side Request Forgery (SSRF)
Added to KEV
Dec 1, 2021
Remediate by
Dec 15, 2021
Known ransomware use
No
Summary description
A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
Required action
Apply updates per vendor instructions.
Notes
https://nvd.nist.gov/vuln/detail/CVE-2021-40438
No related CVEs by CWE or product.