Details of VAR-202109-1802

ID

VAR-202109-1802

CVE

CVE-2021-40438

TITLE

Apache HTTP Server Vulnerability in which a request is forwarded to a remote user's selected origin server in

Trust: 0.8

sources: JVNDB: JVNDB-2021-004150

DESCRIPTION

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. This vulnerability allows remote attackers to initiate arbitrary server-side requests on affected installations of Hewlett Packard Enterprise OneView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the REST service, which listens on TCP port 443 by default. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of root. The server is fast, reliable and extensible through a simple API. The vulnerability stems from the mod_proxy module failing to properly validate user input. For the oldstable distribution (buster), these problems have been fixed in version 2.4.38-3+deb10u6. For the stable distribution (bullseye), these problems have been fixed in version 2.4.51-1~deb11u1. We recommend that you upgrade your apache2 packages. For the detailed security status of apache2 please refer to its security tracker page at: https://security-tracker.debian.org/tracker/apache2 Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/ Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEtuYvPRKsOElcDakFEMKTtsN8TjYFAmFgr44ACgkQEMKTtsN8 TjbophAAiZ+fhF2r8BUbQkL8BhpfqjA+hVsp9WEMTn8Gq6kiW0wLvK3jWPM301Ou D4gHqKmFPmYNC1KBOyk/lJdxyD7iTUweUyLi3WXzxhIDMx0kxkRw1oXlyCHzIqSJ M277bgk32h2cDCbsXjrN/8agKPcKgfwDqiyf/igfEq6V8OB2zVvJPKVFq45n54+q 4FPXSyx1g2u5ewSeXbU2uHDej6Qborui4osDdbwx8CT6aETi0cIXJ8RbXF3PUCHG 5DzZagnRq6GumPsl01jcPu7b9Ck8MlkxMSG3FRsSIJVkwpsQ2C34ywIJkFlzUZZh jhdVUrfbyfLpSdcPcipAAjl9I6gDqa9SFdMRK7ixCpQ6iTiVeDZdJ8pA4jnSweNQ THik07di9R0juX0p7peQiIyBKrEf7Y3WSvLOn0SBKXvZnzc/72rH2nP5FclsgCsV TWxptziGridC43KB8/tDJAAOXVF2lzylzF70V/UGTNo1jk9w3/p6btU1iuzKspyY Y4aPZla3DImI8mezrgFrGYNg7bZYLKuJyGDADKih2sUQpzmDZ6MJxKAE3NLRWyQa 7cCJdoNR9yVqytEw1Y/ZRXAXWfMb3Y1ts2EqR8hzLQgMYb0JC58cLMG3T0RgyPoO A4CTIoYpK1WnsykAE8M4XFrnOW3lrtse6T8N/dTVMuodElAEhc0= =/At6 -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ===================================================================== Red Hat Security Advisory Synopsis: Important: httpd security update Advisory ID: RHSA-2021:3856-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:3856 Issue date: 2021-10-14 CVE Names: CVE-2021-40438 ===================================================================== 1. Summary: An update for httpd is now available for Red Hat Enterprise Linux 7, Red Hat Enterprise Linux 7.2 Advanced Update Support, Red Hat Enterprise Linux 7.3 Advanced Update Support, Red Hat Enterprise Linux 7.4 Advanced Update Support, Red Hat Enterprise Linux 7.6 Advanced Update Support, Red Hat Enterprise Linux 7.6 Telco Extended Update Support, Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions, Red Hat Enterprise Linux 7.7 Advanced Update Support, Red Hat Enterprise Linux 7.7 Telco Extended Update Support, and Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux Client Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux ComputeNode Optional (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Server (v. 7) - noarch, ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.2) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.3) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.4) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server AUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.6) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server E4S (v. 7.7) - noarch, ppc64le, x86_64 Red Hat Enterprise Linux Server Optional (v. 7) - ppc64, ppc64le, s390x, x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.2) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.3) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.4) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional AUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server Optional E4S (v. 7.6) - ppc64le, x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.6) - x86_64 Red Hat Enterprise Linux Server Optional TUS (v. 7.7) - x86_64 Red Hat Enterprise Linux Server TUS (v. 7.6) - noarch, x86_64 Red Hat Enterprise Linux Server TUS (v. 7.7) - noarch, x86_64 Red Hat Enterprise Linux Workstation (v. 7) - noarch, x86_64 Red Hat Enterprise Linux Workstation Optional (v. 7) - x86_64 3. Security Fix(es): * httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" (CVE-2021-40438) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing the updated packages, the httpd daemon will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 2005117 - CVE-2021-40438 httpd: mod_proxy: SSRF via a crafted request uri-path containing "unix:" 6. Package List: Red Hat Enterprise Linux Client Optional (v. 7): Source: httpd-2.4.6-97.el7_9.1.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm Red Hat Enterprise Linux ComputeNode Optional (v. 7): Source: httpd-2.4.6-97.el7_9.1.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 7.2): Source: httpd-2.4.6-40.el7_2.7.src.rpm noarch: httpd-manual-2.4.6-40.el7_2.7.noarch.rpm x86_64: httpd-2.4.6-40.el7_2.7.x86_64.rpm httpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm httpd-devel-2.4.6-40.el7_2.7.x86_64.rpm httpd-tools-2.4.6-40.el7_2.7.x86_64.rpm mod_ssl-2.4.6-40.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 7.3): Source: httpd-2.4.6-45.el7_3.6.src.rpm noarch: httpd-manual-2.4.6-45.el7_3.6.noarch.rpm x86_64: httpd-2.4.6-45.el7_3.6.x86_64.rpm httpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm httpd-devel-2.4.6-45.el7_3.6.x86_64.rpm httpd-tools-2.4.6-45.el7_3.6.x86_64.rpm mod_ssl-2.4.6-45.el7_3.6.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 7.4): Source: httpd-2.4.6-67.el7_4.7.src.rpm noarch: httpd-manual-2.4.6-67.el7_4.7.noarch.rpm x86_64: httpd-2.4.6-67.el7_4.7.x86_64.rpm httpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm httpd-devel-2.4.6-67.el7_4.7.x86_64.rpm httpd-tools-2.4.6-67.el7_4.7.x86_64.rpm mod_session-2.4.6-67.el7_4.7.x86_64.rpm mod_ssl-2.4.6-67.el7_4.7.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 7.6): Source: httpd-2.4.6-89.el7_6.2.src.rpm noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.6): Source: httpd-2.4.6-89.el7_6.2.src.rpm noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm ppc64le: httpd-2.4.6-89.el7_6.2.ppc64le.rpm httpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm httpd-devel-2.4.6-89.el7_6.2.ppc64le.rpm httpd-tools-2.4.6-89.el7_6.2.ppc64le.rpm mod_session-2.4.6-89.el7_6.2.ppc64le.rpm mod_ssl-2.4.6-89.el7_6.2.ppc64le.rpm x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.6): Source: httpd-2.4.6-89.el7_6.2.src.rpm noarch: httpd-manual-2.4.6-89.el7_6.2.noarch.rpm x86_64: httpd-2.4.6-89.el7_6.2.x86_64.rpm httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm httpd-devel-2.4.6-89.el7_6.2.x86_64.rpm httpd-tools-2.4.6-89.el7_6.2.x86_64.rpm mod_session-2.4.6-89.el7_6.2.x86_64.rpm mod_ssl-2.4.6-89.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Server AUS (v. 7.7): Source: httpd-2.4.6-90.el7_7.1.src.rpm noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm Red Hat Enterprise Linux Server E4S (v. 7.7): Source: httpd-2.4.6-90.el7_7.1.src.rpm noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm ppc64le: httpd-2.4.6-90.el7_7.1.ppc64le.rpm httpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm httpd-devel-2.4.6-90.el7_7.1.ppc64le.rpm httpd-tools-2.4.6-90.el7_7.1.ppc64le.rpm mod_session-2.4.6-90.el7_7.1.ppc64le.rpm mod_ssl-2.4.6-90.el7_7.1.ppc64le.rpm x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm Red Hat Enterprise Linux Server TUS (v. 7.7): Source: httpd-2.4.6-90.el7_7.1.src.rpm noarch: httpd-manual-2.4.6-90.el7_7.1.noarch.rpm x86_64: httpd-2.4.6-90.el7_7.1.x86_64.rpm httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm httpd-devel-2.4.6-90.el7_7.1.x86_64.rpm httpd-tools-2.4.6-90.el7_7.1.x86_64.rpm mod_session-2.4.6-90.el7_7.1.x86_64.rpm mod_ssl-2.4.6-90.el7_7.1.x86_64.rpm Red Hat Enterprise Linux Server (v. 7): Source: httpd-2.4.6-97.el7_9.1.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm ppc64: httpd-2.4.6-97.el7_9.1.ppc64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm httpd-devel-2.4.6-97.el7_9.1.ppc64.rpm httpd-tools-2.4.6-97.el7_9.1.ppc64.rpm mod_session-2.4.6-97.el7_9.1.ppc64.rpm mod_ssl-2.4.6-97.el7_9.1.ppc64.rpm ppc64le: httpd-2.4.6-97.el7_9.1.ppc64le.rpm httpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm httpd-devel-2.4.6-97.el7_9.1.ppc64le.rpm httpd-tools-2.4.6-97.el7_9.1.ppc64le.rpm mod_session-2.4.6-97.el7_9.1.ppc64le.rpm mod_ssl-2.4.6-97.el7_9.1.ppc64le.rpm s390x: httpd-2.4.6-97.el7_9.1.s390x.rpm httpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm httpd-devel-2.4.6-97.el7_9.1.s390x.rpm httpd-tools-2.4.6-97.el7_9.1.s390x.rpm mod_session-2.4.6-97.el7_9.1.s390x.rpm mod_ssl-2.4.6-97.el7_9.1.s390x.rpm x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.2): x86_64: httpd-debuginfo-2.4.6-40.el7_2.7.x86_64.rpm mod_ldap-2.4.6-40.el7_2.7.x86_64.rpm mod_proxy_html-2.4.6-40.el7_2.7.x86_64.rpm mod_session-2.4.6-40.el7_2.7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.3): x86_64: httpd-debuginfo-2.4.6-45.el7_3.6.x86_64.rpm mod_ldap-2.4.6-45.el7_3.6.x86_64.rpm mod_proxy_html-2.4.6-45.el7_3.6.x86_64.rpm mod_session-2.4.6-45.el7_3.6.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.4): x86_64: httpd-debuginfo-2.4.6-67.el7_4.7.x86_64.rpm mod_ldap-2.4.6-67.el7_4.7.x86_64.rpm mod_proxy_html-2.4.6-67.el7_4.7.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.6): x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.6): ppc64le: httpd-debuginfo-2.4.6-89.el7_6.2.ppc64le.rpm mod_ldap-2.4.6-89.el7_6.2.ppc64le.rpm mod_proxy_html-2.4.6-89.el7_6.2.ppc64le.rpm x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.6): x86_64: httpd-debuginfo-2.4.6-89.el7_6.2.x86_64.rpm mod_ldap-2.4.6-89.el7_6.2.x86_64.rpm mod_proxy_html-2.4.6-89.el7_6.2.x86_64.rpm Red Hat Enterprise Linux Server Optional AUS (v. 7.7): x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm Red Hat Enterprise Linux Server Optional E4S (v. 7.6): ppc64le: httpd-debuginfo-2.4.6-90.el7_7.1.ppc64le.rpm mod_ldap-2.4.6-90.el7_7.1.ppc64le.rpm mod_proxy_html-2.4.6-90.el7_7.1.ppc64le.rpm x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm Red Hat Enterprise Linux Server Optional TUS (v. 7.7): x86_64: httpd-debuginfo-2.4.6-90.el7_7.1.x86_64.rpm mod_ldap-2.4.6-90.el7_7.1.x86_64.rpm mod_proxy_html-2.4.6-90.el7_7.1.x86_64.rpm Red Hat Enterprise Linux Server Optional (v. 7): ppc64: httpd-debuginfo-2.4.6-97.el7_9.1.ppc64.rpm mod_ldap-2.4.6-97.el7_9.1.ppc64.rpm mod_proxy_html-2.4.6-97.el7_9.1.ppc64.rpm ppc64le: httpd-debuginfo-2.4.6-97.el7_9.1.ppc64le.rpm mod_ldap-2.4.6-97.el7_9.1.ppc64le.rpm mod_proxy_html-2.4.6-97.el7_9.1.ppc64le.rpm s390x: httpd-debuginfo-2.4.6-97.el7_9.1.s390x.rpm mod_ldap-2.4.6-97.el7_9.1.s390x.rpm mod_proxy_html-2.4.6-97.el7_9.1.s390x.rpm x86_64: httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Workstation (v. 7): Source: httpd-2.4.6-97.el7_9.1.src.rpm noarch: httpd-manual-2.4.6-97.el7_9.1.noarch.rpm x86_64: httpd-2.4.6-97.el7_9.1.x86_64.rpm httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm httpd-devel-2.4.6-97.el7_9.1.x86_64.rpm httpd-tools-2.4.6-97.el7_9.1.x86_64.rpm mod_session-2.4.6-97.el7_9.1.x86_64.rpm mod_ssl-2.4.6-97.el7_9.1.x86_64.rpm Red Hat Enterprise Linux Workstation Optional (v. 7): x86_64: httpd-debuginfo-2.4.6-97.el7_9.1.x86_64.rpm mod_ldap-2.4.6-97.el7_9.1.x86_64.rpm mod_proxy_html-2.4.6-97.el7_9.1.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2021-40438 https://access.redhat.com/security/updates/classification/#important 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYWfxl9zjgjWX9erEAQiHUQ//augswljuYjRC9IwK5XgDLjrigqEshGaa v5C3gfY1a4SwE/x0FQCawiBmh+8VMv5as3c0eeU5C6QB/05BSBycgboIZG3H6HdF sNOxNzkcG6WmooNZNJ0/c/ykvkn0tRq812yzDTxr2IB3+LxH5cYaw9wQnt62l3yF gjtWedH9xntGpqrVK17NVe/o9Jg4tL0CEPDk+NrbXeSgwnAnLKsLjpwQT72+GVJx ZLC9DYkFguzQN+wckKPRfxGtce0GtuXHkpEShCnH32RPrNyImFMn/Nc8IyOmTadT jCd07H2MNH6+Txxt6dh2aI+SI5JwdeGRNP7IXs86H+KPNZhphS/BqFt3qHGTsw4l 3f6jGfywbWfNdLw+s0qHaWvJ2ZgTw7O1QPncfozKn8cU3Rw9OunN+r2yVTcU3KW9 0ZGHpej56UhthE1qqS5vQjUPQ6SQgC1QHGDNgYkZk0mqIL3Vkv6gEqIF8TH4ezxZ LhZcY3N6HI5LC7568idurO0uLTdjPZq8+xMmDDAXA4QvIxOsOk6x4Rf1dzCtDpGo QSzxx6a6uYXF7EWIlkaR/qY5zcyk4i8aJN8yzrxu6oNulVSIsSuMnb00SIOk8cX7 lUt5V1/RhnWSRytHE5Tz68PyfNyqgJwFDg8D/p0nxZE1Q3tXmgtLwPOY0l2zkkjB 95kGnxWCYaA= =gPcK -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . 8) - aarch64, noarch, ppc64le, s390x, x86_64 3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - https://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: Apache HTTPD: Multiple Vulnerabilities Date: August 14, 2022 Bugs: #813429, #816399, #816864, #829722, #835131, #850622 ID: 202208-20 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======= Multiple vulnerabilities have been discovered in Apache Webserver, the worst of which could result in remote code execution. Please review the CVE identifiers referenced below for details. Impact ===== Please review the referenced CVE identifiers for details. Workaround ========= There is no known workaround at this time. Resolution ========= All Apache HTTPD users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-servers/apache-2.4.54" All Apache HTTPD tools users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=app-admin/apache-tools-2.4.54" References ========= [ 1 ] CVE-2021-33193 https://nvd.nist.gov/vuln/detail/CVE-2021-33193 [ 2 ] CVE-2021-34798 https://nvd.nist.gov/vuln/detail/CVE-2021-34798 [ 3 ] CVE-2021-36160 https://nvd.nist.gov/vuln/detail/CVE-2021-36160 [ 4 ] CVE-2021-39275 https://nvd.nist.gov/vuln/detail/CVE-2021-39275 [ 5 ] CVE-2021-40438 https://nvd.nist.gov/vuln/detail/CVE-2021-40438 [ 6 ] CVE-2021-41524 https://nvd.nist.gov/vuln/detail/CVE-2021-41524 [ 7 ] CVE-2021-41773 https://nvd.nist.gov/vuln/detail/CVE-2021-41773 [ 8 ] CVE-2021-42013 https://nvd.nist.gov/vuln/detail/CVE-2021-42013 [ 9 ] CVE-2021-44224 https://nvd.nist.gov/vuln/detail/CVE-2021-44224 [ 10 ] CVE-2021-44790 https://nvd.nist.gov/vuln/detail/CVE-2021-44790 [ 11 ] CVE-2022-22719 https://nvd.nist.gov/vuln/detail/CVE-2022-22719 [ 12 ] CVE-2022-22720 https://nvd.nist.gov/vuln/detail/CVE-2022-22720 [ 13 ] CVE-2022-22721 https://nvd.nist.gov/vuln/detail/CVE-2022-22721 [ 14 ] CVE-2022-23943 https://nvd.nist.gov/vuln/detail/CVE-2022-23943 [ 15 ] CVE-2022-26377 https://nvd.nist.gov/vuln/detail/CVE-2022-26377 [ 16 ] CVE-2022-28614 https://nvd.nist.gov/vuln/detail/CVE-2022-28614 [ 17 ] CVE-2022-28615 https://nvd.nist.gov/vuln/detail/CVE-2022-28615 [ 18 ] CVE-2022-29404 https://nvd.nist.gov/vuln/detail/CVE-2022-29404 [ 19 ] CVE-2022-30522 https://nvd.nist.gov/vuln/detail/CVE-2022-30522 [ 20 ] CVE-2022-30556 https://nvd.nist.gov/vuln/detail/CVE-2022-30556 [ 21 ] CVE-2022-31813 https://nvd.nist.gov/vuln/detail/CVE-2022-31813 Availability =========== This GLSA and any updates to it are available for viewing at the Gentoo Security Website: https://security.gentoo.org/glsa/202208-20 Concerns? ======== Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org. License ====== Copyright 2022 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. https://creativecommons.org/licenses/by-sa/2.5 . This software, such as Apache HTTP Server, is common to multiple JBoss middleware products, and is packaged under Red Hat JBoss Core Services to allow for faster distribution of updates, and for a more consistent update experience. Refer to the Release Notes for information on the security fix included in this release. Solution: Before applying the update, back up your existing installation, including all applications, configuration files, databases and database settings, and so on. The References section of this erratum contains a download link for the update. You must be logged in to download the update. ========================================================================== Ubuntu Security Notice USN-5090-1 September 27, 2021 apache2 vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 21.04 - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS Summary: Several security issues were fixed in Apache HTTP Server. A remote attacker could possibly use this issue to perform request splitting or cache poisoning attacks. (CVE-2021-34798) Li Zhi Xin discovered that the Apache mod_proxy_uwsgi module incorrectly handled certain request uri-paths. This issue only affected Ubuntu 20.04 LTS and Ubuntu 21.04. If the server was configured with third-party modules, a remote attacker could use this issue to cause the server to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2021-39275) It was discovered that the Apache mod_proxy module incorrectly handled certain request uri-paths. (CVE-2021-40438) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 21.04: apache2 2.4.46-4ubuntu1.2 apache2-bin 2.4.46-4ubuntu1.2 Ubuntu 20.04 LTS: apache2 2.4.41-4ubuntu3.5 apache2-bin 2.4.41-4ubuntu3.5 Ubuntu 18.04 LTS: apache2 2.4.29-1ubuntu4.17 apache2-bin 2.4.29-1ubuntu4.17 In general, a standard system update will make all the necessary changes

Trust: 3.6

sources: NVD: CVE-2021-40438 // JVNDB: JVNDB-2021-004150 // ZDI: ZDI-24-812 // CNVD: CNVD-2022-03224 // VULHUB: VHN-401786 // VULMON: CVE-2021-40438 // PACKETSTORM: 169132 // PACKETSTORM: 164513 // PACKETSTORM: 164493 // PACKETSTORM: 164505 // PACKETSTORM: 168072 // PACKETSTORM: 164443 // PACKETSTORM: 164305

IOT TAXONOMY

category:

['Network device']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2022-03224

AFFECTED PRODUCTS

vendor:	tenable	model:	tenable.sc	scope:	lte	version:	5.19.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	8.1	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	eq	version:	3.2	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	11.0	Trust: 1.0
vendor:	siemens	model:	sinema remote connect server	scope:	lt	version:	3.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	8.8	Trust: 1.0
vendor:	f5	model:	f5os	scope:	gte	version:	1.2.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server for power little endian update services for sap solutions	scope:	eq	version:	8.2	Trust: 1.0
vendor:	netapp	model:	clustered data ontap	scope:	eq	version:	-	Trust: 1.0
vendor:	resf	model:	rocky linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power little endian eus	scope:	eq	version:	8.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server update services for sap solutions	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power big endian	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	8.6	Trust: 1.0
vendor:	redhat	model:	software collections	scope:	eq	version:	1.0	Trust: 1.0
vendor:	broadcom	model:	brocade fabric operating system	scope:	eq	version:	-	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	10.0	Trust: 1.0
vendor:	oracle	model:	enterprise manager ops center	scope:	eq	version:	12.4.0.0	Trust: 1.0
vendor:	siemens	model:	sinec nms	scope:	lt	version:	1.0.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux server for power little endian update services for sap solutions	scope:	eq	version:	8.8	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server for power little endian update services for sap solutions	scope:	eq	version:	8.4	Trust: 1.0
vendor:	debian	model:	linux	scope:	eq	version:	9.0	Trust: 1.0
vendor:	netapp	model:	cloud backup	scope:	eq	version:	-	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.4.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	35	Trust: 1.0
vendor:	f5	model:	f5os	scope:	gte	version:	1.1.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power little endian eus	scope:	eq	version:	8.8	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power little endian eus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux for ibm z systems eus	scope:	eq	version:	8.8	Trust: 1.0
vendor:	redhat	model:	enterprise linux for ibm z systems eus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	8.8	Trust: 1.0
vendor:	redhat	model:	enterprise linux eus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	netapp	model:	storagegrid	scope:	eq	version:	-	Trust: 1.0
vendor:	f5	model:	f5os	scope:	lte	version:	1.1.4	Trust: 1.0
vendor:	redhat	model:	jboss core services	scope:	eq	version:	1.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux update services for sap solutions	scope:	eq	version:	8.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux server for power little endian update services for sap solutions	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux for ibm z systems	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	8.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server update services for sap solutions	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power little endian	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.2	Trust: 1.0
vendor:	apache	model:	http server	scope:	lte	version:	2.4.48	Trust: 1.0
vendor:	redhat	model:	enterprise linux server for power little endian update services for sap solutions	scope:	eq	version:	8.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux update services for sap solutions	scope:	eq	version:	8.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux for arm 64 eus	scope:	eq	version:	8.8	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power little endian eus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux for ibm z systems eus s390x	scope:	eq	version:	8.2	Trust: 1.0
vendor:	redhat	model:	enterprise linux server for power little endian update services for sap solutions	scope:	eq	version:	7.7	Trust: 1.0
vendor:	redhat	model:	enterprise linux workstation	scope:	eq	version:	7.0	Trust: 1.0
vendor:	siemens	model:	sinema server	scope:	eq	version:	14.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux for ibm z systems	scope:	eq	version:	7.0_s390x	Trust: 1.0
vendor:	redhat	model:	enterprise linux for arm 64	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux update services for sap solutions	scope:	eq	version:	8.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	8.4	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.3	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power little endian	scope:	eq	version:	7.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server aus	scope:	eq	version:	7.3	Trust: 1.0
vendor:	f5	model:	f5os	scope:	lte	version:	1.2.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux for scientific computing	scope:	eq	version:	7.0	Trust: 1.0
vendor:	fedoraproject	model:	fedora	scope:	eq	version:	34	Trust: 1.0
vendor:	oracle	model:	secure global desktop	scope:	eq	version:	5.6	Trust: 1.0
vendor:	oracle	model:	zfs storage appliance kit	scope:	eq	version:	8.8	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	7.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	8.2	Trust: 1.0
vendor:	siemens	model:	ruggedcom nms	scope:	eq	version:	*	Trust: 1.0
vendor:	redhat	model:	enterprise linux update services for sap solutions	scope:	eq	version:	8.8	Trust: 1.0
vendor:	oracle	model:	instantis enterprisetrack	scope:	eq	version:	17.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux update services for sap solutions	scope:	eq	version:	8.4	Trust: 1.0
vendor:	oracle	model:	http server	scope:	eq	version:	12.2.1.3.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux server tus	scope:	eq	version:	8.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux server for power little endian update services for sap solutions	scope:	eq	version:	8.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux for arm 64 eus	scope:	eq	version:	8.6	Trust: 1.0
vendor:	redhat	model:	enterprise linux	scope:	eq	version:	8.0	Trust: 1.0
vendor:	redhat	model:	enterprise linux for power little endian eus	scope:	eq	version:	8.1	Trust: 1.0
vendor:	redhat	model:	enterprise linux for ibm z systems eus	scope:	eq	version:	8.1	Trust: 1.0
vendor:	日立	model:	hitachi infrastructure analytics advisor	scope:	-	version:	-	Trust: 0.8
vendor:	fedora	model:	fedora	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	clustered data ontap	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center api configuration manager	scope:	-	version:	-	Trust: 0.8
vendor:	apache	model:	http server	scope:	-	version:	-	Trust: 0.8
vendor:	f5	model:	f5os	scope:	-	version:	-	Trust: 0.8
vendor:	netapp	model:	storagegrid	scope:	-	version:	-	Trust: 0.8
vendor:	debian	model:	gnu/linux	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi configuration manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi device manager	scope:	-	version:	-	Trust: 0.8
vendor:	日立	model:	hitachi ops center analyzer	scope:	-	version:	-	Trust: 0.8
vendor:	hewlett packard	model:	oneview	scope:	-	version:	-	Trust: 0.7
vendor:	apache	model:	http server	scope:	lte	version:	<=2.4.48	Trust: 0.6

sources: ZDI: ZDI-24-812 // CNVD: CNVD-2022-03224 // JVNDB: JVNDB-2021-004150 // NVD: CVE-2021-40438

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-40438
value:	CRITICAL
Trust: 1.0
134c704f-9b21-4f2e-91b3-4a467353bcc0:	CVE-2021-40438
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2021-40438
value:	CRITICAL
Trust: 0.8
ZDI:	CVE-2021-40438
value:	HIGH
Trust: 0.7
CNVD:	CNVD-2022-03224
value:	MEDIUM
Trust: 0.6
VULHUB:	VHN-401786
value:	MEDIUM
Trust: 0.1
VULMON:	CVE-2021-40438
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-40438
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.9
CNVD:	CNVD-2022-03224
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
VULHUB:	VHN-401786
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-40438
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.2
impactScore:	6.0
version:	3.1
Trust: 2.0
NVD:	CVE-2021-40438
baseSeverity:	CRITICAL
baseScore:	9.0
vectorString:	CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	HIGH
privilegesRequired:	NONE
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8
ZDI:	CVE-2021-40438
baseSeverity:	HIGH
baseScore:	8.2
vectorString:	AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	LOW
availabilityImpact:	NONE
exploitabilityScore:	3.9
impactScore:	4.2
version:	3.0
Trust: 0.7

sources: ZDI: ZDI-24-812 // CNVD: CNVD-2022-03224 // VULHUB: VHN-401786 // VULMON: CVE-2021-40438 // JVNDB: JVNDB-2021-004150 // NVD: CVE-2021-40438 // NVD: CVE-2021-40438

PROBLEMTYPE DATA

problemtype:	CWE-918	Trust: 1.1
problemtype:	Server-side request forgery (CWE-918) [NVD Evaluation ]	Trust: 0.8

sources: VULHUB: VHN-401786 // JVNDB: JVNDB-2021-004150 // NVD: CVE-2021-40438

THREAT TYPE

remote

Trust: 0.2

sources: PACKETSTORM: 168072 // PACKETSTORM: 164305

TYPE

arbitrary

Trust: 0.1

sources: PACKETSTORM: 169132

PATCH

title:	hitachi-sec-2021-139	url:	https://httpd.apache.org/security/vulnerabilities_24.html	Trust: 0.8
title:	Hewlett Packard Enterprise has issued an update to correct this vulnerability.	url:	https://support.hpe.com/hpesc/public/docDisplay?docId=hpesbgn04586en_us&docLocale=en_US	Trust: 0.7
title:	Patch for Apache HTTP Server mod_proxy server request forgery vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/313356	Trust: 0.6
title:	Red Hat: CVE-2021-40438	url:	https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2021-40438	Trust: 0.1
title:	Debian Security Advisories: DSA-4982-1 apache2 -- security update	url:	https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories&qid=93a29f7ecf9a6aaba79d3b3320aa4b85	Trust: 0.1
title:	Arch Linux Issues:	url:	https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues&qid=CVE-2021-40438 log	Trust: 0.1
title:	Hitachi Security Advisories: Vulnerability in Hitachi Command Suite, Hitachi Ops Center API Configuration Managerï¼ŒHitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer	url:	https://vulmon.com/vendoradvisory?qidtp=hitachi_security_advisories&qid=hitachi-sec-2021-139	Trust: 0.1
title:	Tenable Security Advisories: [R1] Stand-alone Security Patch Available for Tenable.sc versions 5.16.0 to 5.19.1: Patch 202110.1	url:	https://vulmon.com/vendoradvisory?qidtp=tenable_security_advisories&qid=TNS-2021-17	Trust: 0.1
title:	Amazon Linux AMI: ALAS-2021-1543	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux_ami&qid=ALAS-2021-1543	Trust: 0.1
title:	Amazon Linux 2: ALAS2-2021-1716	url:	https://vulmon.com/vendoradvisory?qidtp=amazon_linux2&qid=ALAS2-2021-1716	Trust: 0.1
title:	Cisco: Multiple Vulnerabilities in Apache HTTP Server Affecting Cisco Products: November 2021	url:	https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts&qid=cisco-sa-apache-httpd-2.4.49-VWL69sWQ	Trust: 0.1
title:	CVE-2021-40438 exploit PoC with Docker setup	url:	https://github.com/sixpacksecurity/CVE-2021-40438	Trust: 0.1
title:	CVE-2021-40438	url:	https://github.com/gassara-kys/CVE-2021-40438	Trust: 0.1
title:	CVE-2021-40438	url:	https://github.com/Kashkovsky/CVE-2021-40438	Trust: 0.1
title:	scan_ssrf.sh	url:	https://github.com/vsh00t/BB-PoC	Trust: 0.1
title:	CVE-2021-40438	url:	https://github.com/xiaojiangxl/CVE-2021-40438	Trust: 0.1

sources: ZDI: ZDI-24-812 // CNVD: CNVD-2022-03224 // VULMON: CVE-2021-40438 // JVNDB: JVNDB-2021-004150

EXTERNAL IDS

db:	NVD	id:	CVE-2021-40438	Trust: 4.0
db:	SIEMENS	id:	SSA-685781	Trust: 1.1
db:	TENABLE	id:	TNS-2021-17	Trust: 1.1
db:	JVNDB	id:	JVNDB-2021-004150	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-22691	Trust: 0.7
db:	ZDI	id:	ZDI-24-812	Trust: 0.7
db:	CNVD	id:	CNVD-2022-03224	Trust: 0.7
db:	PACKETSTORM	id:	168072	Trust: 0.2
db:	VULHUB	id:	VHN-401786	Trust: 0.1
db:	VULMON	id:	CVE-2021-40438	Trust: 0.1
db:	PACKETSTORM	id:	169132	Trust: 0.1
db:	PACKETSTORM	id:	164513	Trust: 0.1
db:	PACKETSTORM	id:	164493	Trust: 0.1
db:	PACKETSTORM	id:	164505	Trust: 0.1
db:	PACKETSTORM	id:	164443	Trust: 0.1
db:	PACKETSTORM	id:	164305	Trust: 0.1

sources: ZDI: ZDI-24-812 // CNVD: CNVD-2022-03224 // VULHUB: VHN-401786 // VULMON: CVE-2021-40438 // PACKETSTORM: 169132 // PACKETSTORM: 164513 // PACKETSTORM: 164493 // PACKETSTORM: 164505 // PACKETSTORM: 168072 // PACKETSTORM: 164443 // PACKETSTORM: 164305 // JVNDB: JVNDB-2021-004150 // NVD: CVE-2021-40438

REFERENCES

url:	https://nvd.nist.gov/vuln/detail/cve-2021-40438	Trust: 2.1
url:	https://security.gentoo.org/glsa/202208-20	Trust: 1.2
url:	https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-apache-httpd-2.4.49-vwl69swq	Trust: 1.1
url:	https://cert-portal.siemens.com/productcert/pdf/ssa-685781.pdf	Trust: 1.1
url:	https://security.netapp.com/advisory/ntap-20211008-0004/	Trust: 1.1
url:	https://www.tenable.com/security/tns-2021-17	Trust: 1.1
url:	https://www.debian.org/security/2021/dsa-4982	Trust: 1.1
url:	https://httpd.apache.org/security/vulnerabilities_24.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpuapr2022.html	Trust: 1.1
url:	https://www.oracle.com/security-alerts/cpujan2022.html	Trust: 1.1
url:	https://lists.debian.org/debian-lts-announce/2021/10/msg00001.html	Trust: 1.1
url:	https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37%40%3cbugs.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/	Trust: 1.0
url:	https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00%40%3cusers.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a%40%3cusers.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697%40%3cusers.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432%40%3cusers.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c%40%3cusers.httpd.apache.org%3e	Trust: 1.0
url:	https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/	Trust: 1.0
url:	https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029%40%3cusers.httpd.apache.org%3e	Trust: 1.0
url:	https://support.hpe.com/hpesc/public/docdisplay?docid=hpesbgn04586en_us&doclocale=en_us	Trust: 0.7
url:	https://listman.redhat.com/mailman/listinfo/rhsa-announce	Trust: 0.4
url:	https://access.redhat.com/security/cve/cve-2021-40438	Trust: 0.4
url:	https://access.redhat.com/security/updates/classification/#important	Trust: 0.4
url:	https://bugzilla.redhat.com/):	Trust: 0.4
url:	https://access.redhat.com/security/team/contact/	Trust: 0.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-36160	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-34798	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-39275	Trust: 0.3
url:	https://access.redhat.com/articles/11258	Trust: 0.3
url:	https://access.redhat.com/security/team/key/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-33193	Trust: 0.2
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/spbr6wuybjnachke65spl7tjohx7rhwd/	Trust: 0.1
url:	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/zncysr3bxt36fff4xtcpl3hdqk4vp45r/	Trust: 0.1
url:	https://lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3cbugs.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r82c077663f9759c7df5a6656f925b3ee4f55fcd33c889ba7cd687029@%3cusers.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r61fdbfc26ab170f4e6492ef3bd5197c20b862ce156e9d5a54d4b899c@%3cusers.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r82838efc5fa6fc4c73986399c9b71573589f78b31846aff5bd9b1697@%3cusers.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r3925e167d5eb1c75def3750c155d753064e1d34a143028bb32910432@%3cusers.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/rf6954e60b1c8e480678ce3d02f61b8a788997785652e9557a3265c00@%3cusers.httpd.apache.org%3e	Trust: 0.1
url:	https://lists.apache.org/thread.html/r210807d0bb55f4aa6fbe1512be6bcc4dacd64e84940429fba329967a@%3cusers.httpd.apache.org%3e	Trust: 0.1
url:	https://www.debian.org/security/faq	Trust: 0.1
url:	https://www.debian.org/security/	Trust: 0.1
url:	https://security-tracker.debian.org/tracker/apache2	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3856	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3816	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-26691	Trust: 0.1
url:	https://access.redhat.com/security/cve/cve-2021-26691	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3836	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22721	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28614	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-31813	Trust: 0.1
url:	https://bugs.gentoo.org.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-29404	Trust: 0.1
url:	https://creativecommons.org/licenses/by-sa/2.5	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44790	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-28615	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30522	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41773	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-41524	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-44224	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22719	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-30556	Trust: 0.1
url:	https://security.gentoo.org/	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-42013	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-23943	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-22720	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2022-26377	Trust: 0.1
url:	https://access.redhat.com/errata/rhsa-2021:3745	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.29-1ubuntu4.17	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.41-4ubuntu3.5	Trust: 0.1
url:	https://launchpad.net/ubuntu/+source/apache2/2.4.46-4ubuntu1.2	Trust: 0.1
url:	https://ubuntu.com/security/notices/usn-5090-1	Trust: 0.1

sources: ZDI: ZDI-24-812 // CNVD: CNVD-2022-03224 // VULHUB: VHN-401786 // PACKETSTORM: 169132 // PACKETSTORM: 164513 // PACKETSTORM: 164493 // PACKETSTORM: 164505 // PACKETSTORM: 168072 // PACKETSTORM: 164443 // PACKETSTORM: 164305 // JVNDB: JVNDB-2021-004150 // NVD: CVE-2021-40438

CREDITS

Anonymous

Trust: 0.7

sources: ZDI: ZDI-24-812

SOURCES

db:	ZDI	id:	ZDI-24-812
db:	CNVD	id:	CNVD-2022-03224
db:	VULHUB	id:	VHN-401786
db:	VULMON	id:	CVE-2021-40438
db:	PACKETSTORM	id:	169132
db:	PACKETSTORM	id:	164513
db:	PACKETSTORM	id:	164493
db:	PACKETSTORM	id:	164505
db:	PACKETSTORM	id:	168072
db:	PACKETSTORM	id:	164443
db:	PACKETSTORM	id:	164305
db:	JVNDB	id:	JVNDB-2021-004150
db:	NVD	id:	CVE-2021-40438

LAST UPDATE DATE

2025-06-21T23:06:23.397000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-24-812	date:	2024-08-15T00:00:00
db:	CNVD	id:	CNVD-2022-03224	date:	2022-01-13T00:00:00
db:	VULHUB	id:	VHN-401786	date:	2022-10-05T00:00:00
db:	VULMON	id:	CVE-2021-40438	date:	2023-11-07T00:00:00
db:	JVNDB	id:	JVNDB-2021-004150	date:	2021-11-16T05:31:00
db:	NVD	id:	CVE-2021-40438	date:	2025-05-16T15:27:13.890

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-24-812	date:	2024-06-18T00:00:00
db:	CNVD	id:	CNVD-2022-03224	date:	2022-01-13T00:00:00
db:	VULHUB	id:	VHN-401786	date:	2021-09-16T00:00:00
db:	VULMON	id:	CVE-2021-40438	date:	2021-09-16T00:00:00
db:	PACKETSTORM	id:	169132	date:	2021-10-28T19:12:00
db:	PACKETSTORM	id:	164513	date:	2021-10-14T15:26:45
db:	PACKETSTORM	id:	164493	date:	2021-10-13T14:52:48
db:	PACKETSTORM	id:	164505	date:	2021-10-13T15:23:01
db:	PACKETSTORM	id:	168072	date:	2022-08-15T16:02:48
db:	PACKETSTORM	id:	164443	date:	2021-10-08T15:12:22
db:	PACKETSTORM	id:	164305	date:	2021-09-28T15:06:35
db:	JVNDB	id:	JVNDB-2021-004150	date:	2021-11-16T00:00:00
db:	NVD	id:	CVE-2021-40438	date:	2021-09-16T15:15:07.633