Apache mod_proxy 2.4.48 SSRF
Impact: Medium
Description
A vulnerability exists in the mod_proxy module of Apache HTTP Server 2.4.48 and earlier versions. An attacker can exploit this flaw by crafting the request URI path so that mod_proxy forwards the request to an origin server chosen by the remote user. This can lead to Server-Side Request Forgery (SSRF) attacks, enabling attackers to interact with internal systems or services that are not directly accessible to them.
Recommendation
To mitigate this vulnerability, it is recommended to update the Apache HTTP Server to the latest available version.
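A triage check for the condition described above (version 2.4.48 or earlier with mod_proxy loaded), as an added example that is not part of the original advisory. The function names and the sample `httpd -v` / `httpd -M` output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flags the condition this advisory describes,
# Apache HTTP Server <= 2.4.48 with mod_proxy loaded.
LAST_AFFECTED="2.4.48"   # from the advisory text

# Pull "X.Y.Z" out of `httpd -v` output ("Server version: Apache/2.4.46 (Unix)").
parse_httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's#^Server version: Apache/\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*#\1#p' |
        head -n 1
}

# Map "2.4.48" to 2004048 so versions compare as integers.
# Runs in a subshell so the IFS change does not leak.
version_key() (
    IFS=.
    set -- $1
    echo $(( $1 * 1000000 + $2 * 1000 + $3 ))
)

# True when `httpd -M` output lists proxy_module itself
# (not only proxy_http_module and friends).
has_mod_proxy() {
    printf '%s\n' "$1" | grep -Eq '^[[:space:]]*proxy_module([[:space:]]|$)'
}

# Prints: affected | version-only | not-affected | unknown
triage() {
    ver=$(parse_httpd_version "$1")
    [ -n "$ver" ] || { echo unknown; return 0; }
    if [ "$(version_key "$ver")" -gt "$(version_key "$LAST_AFFECTED")" ]; then
        echo not-affected
    elif has_mod_proxy "$2"; then
        echo affected
    else
        echo version-only   # old build, but mod_proxy is not loaded
    fi
}

# Constructed sample output, not captured from a real host.
SAMPLE_V='Server version: Apache/2.4.46 (Unix)
Server built:   Jan  1 2021 00:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 proxy_module (shared)
 proxy_http_module (shared)'
triage "$SAMPLE_V" "$SAMPLE_M"
```

On a live host, pass `"$(httpd -v)"` and `"$(httpd -M)"` as the two arguments (the control binary is `apachectl` or `apache2ctl` on some distributions). Distribution packages that backport fixes keep the upstream version string, so confirm an `affected` result against the vendor's package changelog.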
Last updated on May 13, 2024