Apache--=-2.4.48-Mod_Proxy-SSRF-(CVE-2021-40438).json
{
"Name": "Apache <= 2.4.48 Mod_Proxy SSRF (CVE-2021-40438)",
"Description": "<p>Apache HTTP Server is an open source web server of the Apache Foundation.</p><p>SSRF vulnerability exists in Apache HTTP Server 2.4.48 and earlier versions,a crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.</p>",
"Product": "Apache",
"Homepage": "http://httpd.apache.org/",
"DisclosureDate": "2021-10-15",
"Author": "keeeee",
"FofaQuery": "server=\"Apache\" || app=\"APACHE-Web-Server\"",
"GobyQuery": "server=\"Apache\" || app=\"APACHE-Web-Server\"",
"Level": "3",
"Impact": "<p>SSRF vulnerability exists in Apache HTTP Server 2.4.48 and earlier versions,Attackers can use this vulnerability to scan the external network, the internal network where the server is located, and the local port scan, and attack applications running on the internal network or local, etc.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://httpd.apache.org/security/vulnerabilities_24.html\" target=\"_blank\">https://httpd.apache.org/security/vulnerabilities_24.html</a><br></p>",
"References": [
"https://github.com/projectdiscovery/nuclei-templates/blob/master/cves/2021/CVE-2021-40438.yaml",
"https://nvd.nist.gov/vuln/detail/CVE-2021-40438"
],
"Translation": {
"CN": {
"Name": "Apache 小于 2.4.48版本 Mod_Proxy SSRF漏洞(CVE-2021-40438)",
"Product": "Apache",
"VulType": ["SSRF漏洞"],
"Tags": ["SSRF漏洞"],
"Description": "<p>Apache HTTP Server 是阿帕奇(Apache)基金会的一款开源网页服务器。</p><p>Apache HTTP Server 2.4.48 及更早版本存在 SSRF 漏洞,攻击者可以发送精心设计的请求 uri-path 导致 mod_proxy 将请求转发到远程用户选择的源服务器。<br></p>",
"Impact": "<p>Apache HTTP Server 2.4.48 及更早版本存在 SSRF 漏洞,攻击者可以发送精心设计的请求 uri-path 导致 mod_proxy 将请求转发到远程用户选择的源服务器。</p>",
"Recommendation": "<p>厂商已发布了漏洞修复程序,请及时关注更新: <a href=\"https://httpd.apache.org/security/vulnerabilities_24.html\" target=\"_blank\">https://httpd.apache.org/security/vulnerabilities_24.html</a><br></p>"
},
"EN": {
"Name": "Apache <= 2.4.48 Mod_Proxy SSRF (CVE-2021-40438)",
"Product": "Apache",
"VulType": [
"ssrf"
],
"Tags": [
"ssrf"
],
"Description": "<p>Apache HTTP Server is an open source web server of the Apache Foundation.</p><p>SSRF vulnerability exists in Apache HTTP Server 2.4.48 and earlier versions,a crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.</p>",
"Impact": "<p>SSRF vulnerability exists in Apache HTTP Server 2.4.48 and earlier versions,Attackers can use this vulnerability to scan the external network, the internal network where the server is located, and the local port scan, and attack applications running on the internal network or local, etc.</p>",
"Recommendation": "<p>The vendor has released a bug fix, please pay attention to the update in time: <a href=\"https://httpd.apache.org/security/vulnerabilities_24.html\">https://httpd.apache.org/security/vulnerabilities_24.html</a></p><p>1. Set access policies and whitelist access through security devices such as firewalls.</p><p>2.Upgrade the Apache system version.</p>"
}
},
"Is0day": false,
"HasExp": true,
"ExpParams": [
{
"name": "ssrf",
"type": "input",
"value": "http://www.baidu.com"
}
],
"ExpTips": {
"Type": "",
"Content": ""
},
"ScanSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"ExploitSteps": [
"AND",
{
"Request": {
"method": "GET",
"uri": "/test.php",
"follow_redirect": true,
"header": {},
"data_type": "text",
"data": ""
},
"ResponseTest": {
"type": "group",
"operation": "AND",
"checks": [
{
"type": "item",
"variable": "$code",
"operation": "==",
"value": "200",
"bz": ""
},
{
"type": "item",
"variable": "$body",
"operation": "contains",
"value": "test",
"bz": ""
}
]
},
"SetVariable": []
}
],
"Tags": [
"ssrf"
],
"VulType": [
"ssrf"
],
"CVEIDs": [
"CVE-2021-40438"
],
"CNNVD": [
""
],
"CNVD": [
""
],
"CVSSScore": "9.0",
"AttackSurfaces": {
"Application": null,
"Support": null,
"Service": null,
"System": null,
"Hardware": null
}
}