CVE-2021-40438

This repository provides a proof-of-concept for CVE-2021-40438, a vulnerability in Apache HTTP Server 2.4.48 and earlier where a crafted URI-path can cause mod_proxy to forward requests to an arbitrary origin server. The example demonstrates how an attacker could exploit this for IP spoofing in DoS attacks.

This repository provides a Docker-based proof-of-concept for CVE-2021-40438, a path traversal and remote code execution vulnerability in Apache HTTP Server 2.4.49. The exploit leverages a crafted request to trigger a buffer overflow via a long path string.

This PoC exploits CVE-2021-40438, an SSRF vulnerability in Apache HTTP Server 2.4.48, by crafting a malicious request with a long Unix socket path to trigger arbitrary HTTP requests. The script sends a GET request to the target URL with a manipulated query parameter to achieve SSRF.

This PoC exploits CVE-2021-40438, a vulnerability in Apache HTTP Server 2.4.49 and earlier, by sending a crafted request with a malicious Unix socket path to trigger SSRF or RCE. The script reads target hosts from a file and sends the exploit payload to each.

This repository provides a functional proof-of-concept for CVE-2021-40438, an SSRF vulnerability in Apache HTTP Server versions prior to 2.4.48. The exploit leverages a long string in the URL to bypass mod_proxy restrictions, allowing unauthenticated SSRF attacks.

The repository contains only a README.md file with a CVE identifier and no exploit code or technical details. It appears to be a placeholder or incomplete submission.

This repository contains a Python-based scanner for detecting CVE-2021-40438, a vulnerability in Apache HTTP Server. The tool checks for vulnerable endpoints and integrates with Telegram for notifications.

This PoC exploits CVE-2021-40438, a path traversal vulnerability in Apache HTTP Server 2.4.49 and 2.4.50, by sending a crafted request with a malicious path to trigger a directory traversal and potential remote code execution. The script uses curl to send the payload and checks the response for signs of exploitation.

This repository contains a Sigma rule for detecting exploitation attempts of CVE-2021-40438, an SSRF vulnerability in Apache HTTP Server's mod_proxy. The rule checks for URIs containing '?unix:' and successful HTTP 200 responses, indicating potential exploitation.

This is a functional PoC for CVE-2021-40438, an SSRF vulnerability. The exploit constructs a malicious URL with a large buffer overflow-like payload followed by an SSRF target, leveraging a Unix socket path injection technique.

This repository contains a functional exploit for CVE-2021-40438, targeting Check Point Security Gateways. The exploit leverages a path traversal vulnerability to execute arbitrary commands via crafted HTTP requests, allowing for RCE, password resets, and configuration dumps.

The repository contains a Dockerized setup for CVE-2021-40438 but lacks actual exploit code. The provided PHP file is a placeholder and does not demonstrate the vulnerability.