Organizations are advised to ensure that their Apache HTTP servers are up-to-date, after it emerged that a recently registered risk was applied to the attack.
Risk, which is tracked as CVE-2021-40438, is a server-side fraud (SSRF) scam that can be exploited on httpd web servers with mod proxy enabled module. An attacker could exploit this important error using a specially designed application to cause the module to forward the request to the wrong root server.
The problem was identified by the Apache HTTP security team while investigating a different vulnerability. It touches on version 2.4.48 and earlier, and was released in mid-September with the release of version 2.4.49.
Read More: securityweek