CISA Known Exploited Vulnerability

This vulnerability is actively exploited in the wild and listed in the CISA Known Exploited Vulnerabilities catalog.

Remediation Deadline: Dec 15, 2021

CVE-2021-40438

High

EPSS 94.4%CISA KEV

Description

A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

EPSS — Exploit Probability

94.4%

Higher than 100.0% of all CVEs

Required Action

https://nvd.nist.gov/vuln/detail/CVE-2021-40438

Risk Assessment

HIGH

In CISA KEV

High EPSS

Details

Severity: High
EPSS: 94.4%
CISA KEV: Yes
Ransomware: Unknown
Articles: 0

Timeline

Published

Dec 1, 2021

Added to KEV

Dec 1, 2021

Remediation Due

Dec 15, 2021

Affected Product

Apache

View all Apache CVEs

External Links

NVD (NIST)CVE Details MITRE CVE