A crafted request uri-path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier. (CVE-2021-40438)
Impact
A remote attacker can exploit this vulnerability by sending a specially crafted request uri-path that forwards the request to an origin server chosen by the remote user.
9.3 High
AI Score
Confidence
0.974 High
EPSS
Percentile
99.9%