Apache Httpd 2.4.46 Exploit

(mod_proxy SSRF): A request-smuggling-like flaw in mod_proxy allows a crafted request to make the server forward the request to an arbitrary origin server. This affects 2.4.48 and earlier, including 2.4.46. Impact: Server-side request forgery, potentially exposing internal services.

Apache HTTP Server mod_proxy SSRF (CVE-2021-40438): CVE-2021-40438 is a Server-Side Request Forgery (SSRF) vulnerability found in Apache HTTP Server versions 2.4.48 and earlier.

If the server is vulnerable and the request is properly crafted, this could lead to remote code execution.

command=id

The Apache HTTP Server, commonly referred to as httpd, is one of the most widely used web servers in the world. Its ubiquity in serving web content makes it a prime target for attackers. Recently, two critical vulnerabilities were discovered in Apache httpd version 2.4.46 and earlier, which could allow attackers to exploit these weaknesses for malicious purposes. This post covers the details of these vulnerabilities, identified as CVE-2021-41773 and CVE-2021-42013, and discusses how they can be exploited. A Server-Side Request Forgery (SSRF) vulnerability exists in

: A specially crafted Digest nonce can trigger a stack overflow. URL Matching (MergeSlashes OFF): Vulnerability: CVE-2021-30641.


The exploitation of CVE-2021-42013 involves a similar approach to CVE-2021-41773 but with the potential for more severe impacts. An attacker could craft a request that not only traverses the file system but also injects code, potentially leading to a fully compromised server.
