Experts warn of attacks exploiting CVE-2021-40438 flaw in Apache HTTP Server


Experts warn of attacks exploiting

Threat actors are exploiting a recently addressed server-side request forgery (SSRF) vulnerability, tracked as CVE-2021-40438, in Apache HTTP servers.

The CVE-2021-40438 flaw can be exploited against httpd web servers that have the mod_proxy module enabled. A threat actor can trigger the issue using a specially crafted request to cause the module to forward the request to an arbitrary origin server.

The vulnerability was patched in mid-September with the release of version 2.4.49, it impacts version 2.4.48 and earlier.

Read more…