Apache SSRF bug Exploited
Threat actors are exploiting a recently addressed server-side request forgery (SSRF) vulnerability, tracked as CVE-2021-40438, in Apache HTTP servers. This flaw can be exploited against httpd web servers that have the mod_proxy module enabled. A threat actor can trigger the issue using a specially crafted request to cause the module to forward the request to an arbitrary origin server.
The vulnerability was patched in mid-September with the release of version 2.4.49, it impacts version 2.4.48 and earlier. Since the public disclosure of the vulnerability, several PoC exploits for CVE-2021-40438 have been published.
Cisco published a security advisory to inform its customers that it is investigating the impact of the issue on its products. The issue impacts Prime Collaboration Provisioning, Security Manager, Expressway series and TelePresence Video Communication Server (VCS) products. The IT giant states that it is still investigating its product line.
In November 2021, the Cisco PSIRT became aware of exploitation attempts of the vulnerability identified by CVE ID CVE-2021-40438.Cisco Statement
The BSI agency also published an alert about this vulnerability, it is aware of at least one attack exploiting this vulnerability.
The BSI is aware of at least one case in which an attacker was able to do so through exploitation the vulnerability to obtain hash values of user credentials from the victim’s system. The vulnerability affects all versions of Apache HTTP Server 2.4.48 or older.BSI Statement