content/security/json/CVE-2021-40438.json - httpd-site - Git at Google

 {
     "CVE_data_meta": {
         "ASSIGNER": "security@apache.org",
         "ID": "CVE-2021-40438",
         "STATE": "READY",
         "TITLE": "mod_proxy SSRF"
     },
     "affects": {
         "vendor": {
             "vendor_data": [
                 {
                     "product": {
                         "product_data": [
                             {
                                 "product_name": "Apache HTTP Server",
                                 "version": {
                                     "version_data": [
                                         {
                                             "version_affected": "<=",
                                             "version_name": "Apache HTTP Server 2.4",
                                             "version_value": "2.4.48"
                                         }
                                     ]
                                 }
                             }
                         ]
                     },
                     "vendor_name": "Apache Software Foundation"
                 }
             ]
         }
     },
     "credit": [
         {
             "lang": "eng",
             "value": "The issue was discovered by the Apache HTTP security team while analysing CVE-2021-36160"
         }
     ],
     "data_format": "MITRE",
     "data_type": "CVE",
     "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
                 "value": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier."
             }
         ]
     },
     "generator": {
         "engine": "Vulnogram 0.0.9"
     },
     "impact": [
         {
             "other": "high"
         }
     ],
     "problemtype": {
         "problemtype_data": [
             {
                 "description": [
                     {
                         "lang": "eng",
                         "value": "CWE-918 Server Side Request Forgery (SSRF)"
                     }
                 ]
             }
         ]
     },
     "references": {
         "reference_data": [
             {
                 "refsource": "CONFIRM"
             }
         ]
     },
     "source": {
         "discovery": "UNKNOWN"
     }
 }
	{
	"CVE_data_meta": {
	"ASSIGNER": "security@apache.org",
	"ID": "CVE-2021-40438",
	"STATE": "READY",
	"TITLE": "mod_proxy SSRF"
	},
	"affects": {
	"vendor": {
	"vendor_data": [
	{
	"product": {
	"product_data": [
	{
	"product_name": "Apache HTTP Server",
	"version": {
	"version_data": [
	{
	"version_affected": "<=",
	"version_name": "Apache HTTP Server 2.4",
	"version_value": "2.4.48"
	}
	]
	}
	}
	]
	},
	"vendor_name": "Apache Software Foundation"
	}
	]
	}
	},
	"credit": [
	{
	"lang": "eng",
	"value": "The issue was discovered by the Apache HTTP security team while analysing CVE-2021-36160"
	}
	],
	"data_format": "MITRE",
	"data_type": "CVE",
	"data_version": "4.0",
	"description": {
	"description_data": [
	{
	"lang": "eng",
	"value": "A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user.\n\nThis issue affects Apache HTTP Server 2.4.48 and earlier."
	}
	]
	},
	"generator": {
	"engine": "Vulnogram 0.0.9"
	},
	"impact": [
	{
	"other": "high"
	}
	],
	"problemtype": {
	"problemtype_data": [
	{
	"description": [
	{
	"lang": "eng",
	"value": "CWE-918 Server Side Request Forgery (SSRF)"
	}
	]
	}
	]
	},
	"references": {
	"reference_data": [
	{
	"refsource": "CONFIRM"
	}
	]
	},
	"source": {
	"discovery": "UNKNOWN"
	}
	}