Apache MOD Proxy - Server Side Request Forgery (CVE-2021-40438)

Apache server is affected by a Server Side Request Forgery (SSRF) vulnerability, located in the <b>mod_proxy</b> module. The root cause of this vulnerability consists in using a version of the Apache HTTP Server before 2.4.48 which does not sanitize user input in GET requests. Therefore, it can be used by an unauthenticated remote attacker to determine the Apache server initiate HTTPS requests to arbitrary locations.

Apache服务器受服务器端请求伪造（SSRF）漏洞影响，此漏洞位于<b>mod_proxy</b>模块中。该漏洞的根本原因在于使用Apache HTTP服务器版本低于2.4.48，该版本在GET请求中未对用户输入进行清理。因此，未经身份验证的远程攻击者可利用此漏洞使Apache服务器发起对任意位置的HTTPS请求。