CVE-2021-40438

Critical · CISA KEV · Active Exploitation · EUVD Exploited

Published: 16 September 2021
Modified: 27 October 2025
KEV Added: 01 December 2021
Patch: referenced in Apache project lists and the Siemens SSA-685781 bulletin (see Deeper analysis)
CVSS Score v3.1: 9.0 (CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H)
EPSS Score: 0.9443 (100.0th percentile)
Risk Priority: 95 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-40438 is a critical-severity SSRF (CWE-918) vulnerability in Apache HTTP Server mod_proxy, tracked here against Red Hat Enterprise Linux Server AUS. Its CVSS base score is 9.0 (Critical).

Operationally, it is ranked in the top 0.0% of CVEs by exploit likelihood (EPSS 100.0th percentile), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-4 (Information Flow Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

A crafted request URI-path can cause mod_proxy in Apache HTTP Server to forward requests to an origin server chosen by the remote user. This vulnerability affects version 2.4.48 and earlier and is identified as CWE-918 server-side request forgery with a CVSS 3.1 score of 9.0.

An unauthenticated remote attacker can exploit the flaw over the network by supplying a malicious URI path. Successful exploitation has high impact on confidentiality, integrity, and availability with a scope change, since the affected proxy can be made to issue requests to an origin server of the attacker's choosing.

Advisories and patches referenced in Apache project lists and the Siemens SSA-685781 bulletin address remediation for this issue in Apache HTTP Server.

Vulnerability details

A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

CWE(s): CWE-918 (Server-Side Request Forgery)
KEV Date Added: 01 December 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor | Product | Versions
resf | rocky linux | 8.0
redhat | enterprise linux | 8.0
redhat | enterprise linux eus | 8.1, 8.2, 8.4, 8.6, 8.8
redhat | enterprise linux for arm 64 | 8.0
redhat | enterprise linux for arm 64 eus | 8.6, 8.8
redhat | enterprise linux for ibm z systems | 7.0_s390x, 8.0
redhat | enterprise linux for ibm z systems eus | 8.1, 8.4, 8.8
redhat | enterprise linux for ibm z systems eus s390x | 8.2
redhat | enterprise linux for power big endian | 7.0
redhat | enterprise linux for power little endian | 7.0, 8.0
+29 more product configuration(s) — see NVD for full list

Mitigating Controls (NIST 800-53 r5)

Prevent (SI-10, Information Input Validation): Rejects or sanitizes the crafted URI-path before mod_proxy processes it, directly blocking the SSRF vector.

Prevent (AC-4, Information Flow Enforcement): Enforces explicit information-flow rules that limit which origin servers the proxy is allowed to forward requests to.

Prevent (boundary protection): Boundary-protection mechanisms can restrict or inspect proxy traffic to prevent arbitrary origin-server forwarding.

References