Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Cross-Site Request Forgery (CSRF)

🗓️ 20 Sep 2021 12:57:14Reported by Veracode Vulnerability DatabaseType 
veracode
 veracode🔗 sca.analysiscenter.veracode.com👁 271 Views

apache2 CSRF vulnerability in mod_prox

Related
Detection
Refs
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin: Multiple security vulnerabilities have been identified in IBM HTTP Server shipped with IBM Rational ClearCase (CVE-2021-39275, CVE-2021-40438, CVE-2021-34798)
8 Nov 202104:06
ibm
IBM Security Bulletins		Security Bulletin: Apache HTTP Server as used in IBM QRadar SIEM is vulnerable to server-side request forgery (SSRF) (CVE-2021-40438)
20 Dec 202121:02
ibm
IBM Security Bulletins		Security Bulletin: IBM Rational Build Forge 8.0.x is affected by Apache HTTP Server version used in it.(CVE-2021-40438)
17 Jan 202218:05
ibm
IBM Security Bulletins		Security Bulletin: IBM Security SiteProtector System is affected by Apache HTTP Server vulnerabilities (CVE-2021-40438, CVE-2021-34798)
15 Apr 202204:37
ibm
IBM Security Bulletins		Security Bulletin: A security vulnerability has been identified in IBM WebSphere Application Server, which is a required product for IBM Tivoli Network Manager IP Edition (CVE-2021-40438, CVE-2021-34798)
18 Oct 202106:25
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in IBM HTTP Server used by WebSphere Application Server
11 Nov 202119:48
ibm
IBM Security Bulletins		Security Bulletin: Multiple Vulnerabilities have been identified in IBM HTTP Server shipped with WebSphere Remote Server (CVE-2021-40438, CVE-2021-34798)
17 Dec 202116:40
ibm
IBM Security Bulletins		WebSphere Application Server and IBM HTTP Server Security Bulletin List
13 Jul 202218:04
ibm
IBM Security Bulletins		Security Bulletin: IBM Aspera Orchestrator vulnerable to server-side request forgery due to Apache HTTP Server vulnerability (CVE-2021-40438)
2 Feb 202317:18
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities affect IBM HTTP Server (powered by Apache) for i
6 Dec 202117:06
ibm
Rows per page
Vulners
Node
debianapache2Match2.4.46-2debian
AND
debianapache2Match2.4.46-4debian
AND
debiandebian_linuxMatch999
OR
debianapache2Match2.4.48-r0os
AND
debianapache2Match2.4.46-r3os
AND
debianapache2Match2.4.43-r0os
AND
debianapache2Match2.4.48-r2os
AND
debianapache2Match2.4.41-r0os
AND
alpinelinuxalpine_linuxMatchedge
OR
debianapache2Match2.4.48-r0os
AND
debianapache2Match2.4.46-r3os
AND
alpinelinuxalpine_linuxMatch3.14
OR
debianapache2Match2.4.46-r1os
AND
debianapache2Match2.4.43-r0os
AND
debianapache2Match2.4.48-r0os
AND
alpinelinuxalpine_linuxMatch3.12
OR
debianapache2Match2.4.43-r0os
AND
debianapache2Match2.4.46-r0os
AND
debianapache2Match2.4.48-r0os
AND
alpinelinuxalpine_linuxMatch3.11
OR
debianapache2Match2.4.48-r0os
AND
debianapache2Match2.4.46-r3os
AND
alpinelinuxalpine_linuxMatch3.13
OR
googlebionicMatch2.4.29-1ubuntu4debian
AND
googlebionicMatch2.4.29-1ubuntu4.16debian
AND
googlebionicMatch2.4.29-1ubuntu4.14debian
AND
debiandebian_linux
OR
hirsutehirsuteMatch2.4.46-1ubuntu2debian
AND
hirsutehirsuteMatch2.4.46-2ubuntu1debian
AND
hirsutehirsuteMatch2.4.46-4ubuntu1debian
AND
hirsutehirsuteMatch2.4.46-1ubuntu1debian
AND
debiandebian_linux
OR
develdevelMatch2.4.46-1ubuntu1debian
AND
develdevelMatch2.4.46-1ubuntu2debian
AND
develdevelMatch2.4.46-2ubuntu1debian
AND
debiandebian_linux
OR
focalfocalMatch2.4.41-4ubuntu3debian
AND
focalfocalMatch2.4.41-4ubuntu3.2debian
AND
focalfocalMatch2.4.41-4ubuntu3.1debian
AND
debiandebian_linux
OR
debianapache2Match2.4.25-3+deb9u9debian
AND
debiandebian_linuxMatch9
OR
debianapache2Match2.4.48-3.1debian
AND
debianapache2Match2.4.46-2debian
AND
debiandebian_linuxMatch11
OR
debianapache2Match2.4.38-3+deb10u5debian
AND
debianapache2Match2.4.38-3+deb10u4debian
AND
debiandebian_linuxMatch10
OR
httpd24-httpdhttpd24-httpdMatch2.4.34_15.el7
OR
httpd24-httpdhttpd24-httpdMatch2.4.27_8.el7.1
OR
httpd24-httpdhttpd24-httpdMatch2.4.34_18.el7
OR
httpd24-httpdhttpd24-httpdMatch2.4.34_18.el7.1
OR
httpd24-httpdhttpd24-httpdMatch2.4.25_9.el7
OR
httpd24-httpdhttpd24-httpdMatch2.4.34_7.el7.1
OR
httpd24-httpdhttpd24-httpdMatch2.4.18_10.el7
OR
httpd24-httpdhttpd24-httpdMatch2.4.34_8.el7.1
OR
httpd24-httpdhttpd24-httpdMatch2.4.34_7.el7
OR
httpd24-httpdhttpd24-httpdMatch2.4.27_8.el7
OR
httpd24-httpdhttpd24-httpdMatch2.4.12_6.el7.1
OR
httpd24-httpdhttpd24-httpdMatch2.4.18_11.el7
OR
httpdhttpdMatch2.4.6_90.el7.centos
OR
httpdhttpdMatch2.4.6_80.el7.centos
OR
httpdhttpdMatch2.4.6_89.el7.centos
OR
httpdhttpdMatch2.4.6_93.el7.centos
OR
httpdhttpdMatch2.4.6_80.el7.centos.1
OR
httpdhttpdMatch2.4.6_88.el7.centos
OR
httpdhttpdMatch2.4.6_31.ael7b_1.1
OR
httpdhttpdMatch2.4.6_95.el7.centos
OR
httpdhttpdMatch2.4.6_89.el7.centos.1
SourceLink
toolswww.tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-apache-httpd-2.4.49-VWL69sWQ
listswww.lists.debian.org/debian-lts-announce/2021/10/msg00001.html
security-trackerwww.security-tracker.debian.org/tracker/CVE-2021-40438
debianwww.debian.org/security/2021/dsa-4982
listswww.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
listswww.lists.fedoraproject.org/archives/list/[email protected]/message/SPBR6WUYBJNACHKE65SPL7TJOHX7RHWD/
listswww.lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
listswww.lists.fedoraproject.org/archives/list/[email protected]/message/ZNCYSR3BXT36FFF4XTCPL3HDQK4VP45R/
securitywww.security.gentoo.org/glsa/202208-20
listswww.lists.apache.org/thread.html/r2eb200ac1340f69aa22af61ab34780c531d110437910cb9c0ece3b37@%3Cbugs.httpd.apache.org%3E
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
21 Mar 2025 23:05Current
3.2Low risk
Vulners AI Score3.2
CVSS 26.8
CVSS 3.19
EPSS0.94432
cross-site request forgeryvulnerable softwaremod_proxycrafted request
271