IronMonkey Threat Research

CVE-2021-40438 CRITICAL

Published: 2021-09-16 | Last Modified: 2025-10-27 | Status: Analyzed

Description

A crafted request URI path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.

Additional Descriptions (1)

(Spanish, translated) A crafted URI path can cause mod_proxy to forward the request to an origin server chosen by the remote user. This issue affects Apache HTTP Server versions 2.4.48 and earlier.
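The description gives a host-level triage two facts to act on: the flaw is in mod_proxy, and upstream builds up to and including 2.4.48 are affected. The script below is an added example (not part of this record or of the Apache project) that turns those two facts into a verdict from the text printed by `httpd -v` and `httpd -M` (or `apache2ctl` on Debian derivatives). The SAMPLE_* strings are constructed for the example, and the heuristic that treats any platform tag other than "(Unix)", "(Win32)" or "(Win64)" in the version banner as a distribution build is an assumption; distribution packages such as the Red Hat, Debian and Fedora entries listed further down carry backported fixes under an old upstream version string, so for them the version number alone cannot settle the question.

```python
"""Triage CVE-2021-40438 exposure on a host from httpd's own output.

Added example, not part of the advisory record. Two inputs are parsed:
the 'Server version:' banner from `httpd -v` and the module list from
`httpd -M`. The verdict is 'affected' only for an upstream build that is
<= 2.4.48 with mod_proxy loaded; vendor builds get 'check vendor
erratum' because their version string does not reflect backported fixes.
"""
import re
import shutil
import subprocess
from typing import Optional, Tuple

LAST_AFFECTED_UPSTREAM = (2, 4, 48)  # "2.4.48 and earlier", per the description
UPSTREAM_PLATFORM_TAGS = {"unix", "win32", "win64"}  # assumption: tags of upstream builds

# Constructed sample output in the format httpd prints (not captured from a real host).
SAMPLE_VERSION = "Server version: Apache/2.4.48 (Unix)\nServer built:   Jun  1 2021 12:00:00\n"
SAMPLE_MODULES = ("Loaded Modules:\n core_module (static)\n so_module (static)\n"
                  " http_module (static)\n proxy_module (shared)\n"
                  " proxy_http_module (shared)\n")
SAMPLE_DISTRO_VERSION = "Server version: Apache/2.4.37 (Red Hat Enterprise Linux)\n"


def parse_httpd_version(output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, patch) from a 'Server version: Apache/2.4.48 (Unix)' line."""
    m = re.search(r"Server version:\s*Apache/(\d+)\.(\d+)\.(\d+)", output)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3)))


def is_vendor_build(version_output: str) -> bool:
    """Heuristic: a platform tag such as '(Red Hat Enterprise Linux)', '(Debian)' or
    '(Fedora)' marks a distribution build; upstream tarballs print '(Unix)' or '(Win32)'."""
    m = re.search(r"Apache/\S+\s+\(([^)]*)\)", version_output)
    return bool(m) and m.group(1).strip().lower() not in UPSTREAM_PLATFORM_TAGS


def proxy_module_loaded(modules_output: str) -> bool:
    """True when `httpd -M` lists proxy_module, compiled in or loaded via LoadModule."""
    return re.search(r"^\s*proxy_module\s+\((static|shared)\)\s*$",
                     modules_output, re.M) is not None


def triage(version_output: str, modules_output: str) -> str:
    """Combine version range and module presence into a one-line verdict."""
    version = parse_httpd_version(version_output)
    if version is None:
        return "unknown: could not parse the 'Server version' line"
    vstr = "%d.%d.%d" % version
    if not proxy_module_loaded(modules_output):
        return "not exposed: mod_proxy is not loaded (httpd %s)" % vstr
    if version > LAST_AFFECTED_UPSTREAM:
        return "not affected: httpd %s is newer than 2.4.48" % vstr
    if is_vendor_build(version_output):
        return ("check vendor erratum: httpd %s is a distribution build whose "
                "version string does not show backported fixes" % vstr)
    return "affected: upstream httpd %s (<= 2.4.48) with mod_proxy loaded" % vstr


def collect_live() -> Optional[Tuple[str, str]]:
    """Run the local server binary, if one is installed, to obtain both outputs.
    Only invoked from __main__, never on import."""
    for binary in ("httpd", "apache2ctl"):
        path = shutil.which(binary)
        if path:
            v = subprocess.run([path, "-v"], capture_output=True, text=True).stdout
            m = subprocess.run([path, "-M"], capture_output=True, text=True)
            return v, m.stdout + m.stderr
    return None


if __name__ == "__main__":
    live = collect_live()
    if live:
        print(triage(*live))
    else:
        print(triage(SAMPLE_VERSION, SAMPLE_MODULES))
```

Run on a host, it prefers the live `httpd`/`apache2ctl` output and falls back to the constructed samples; fed the RHEL-style banner it refuses to call the build vulnerable and points at the vendor erratum instead, which is the right answer for every Red Hat, Debian and Fedora row in the product table.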

CVSS Metrics

CVSS v3.1

Base Score: 9.0 (CRITICAL)
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H

Attack Vector: NETWORK
Attack Complexity: HIGH
Privileges Required: NONE
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

Source: [email protected]
Type: Primary
Exploitability Score: 2.2
Impact Score: 6.0

CVSS v2.0

Base Score: 6.8 (MEDIUM)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

Source: [email protected]
Type: Primary
Exploitability Score: 8.6
Impact Score: 6.4

Weaknesses

Source | Type | Language | Description
[email protected] | Secondary | en | CWE-918 (Server-Side Request Forgery)
[email protected] | Primary | en | CWE-918 (Server-Side Request Forgery)

Affected Products

Vendor | Product | Version | Type
resf | rocky_linux | 8.0 | Operating System
redhat | enterprise_linux | 8.0 | Operating System
redhat | enterprise_linux_eus | 8.1 | Operating System
redhat | enterprise_linux_eus | 8.2 | Operating System
redhat | enterprise_linux_eus | 8.4 | Operating System
redhat | enterprise_linux_eus | 8.6 | Operating System
redhat | enterprise_linux_eus | 8.8 | Operating System
redhat | enterprise_linux_for_arm_64 | 8.0 | Operating System
redhat | enterprise_linux_for_arm_64_eus | 8.6 | Operating System
redhat | enterprise_linux_for_arm_64_eus | 8.8 | Operating System
redhat | enterprise_linux_for_ibm_z_systems | 7.0_s390x | Operating System
redhat | enterprise_linux_for_ibm_z_systems | 8.0 | Operating System
redhat | enterprise_linux_for_ibm_z_systems_eus | 8.1 | Operating System
redhat | enterprise_linux_for_ibm_z_systems_eus | 8.4 | Operating System
redhat | enterprise_linux_for_ibm_z_systems_eus | 8.8 | Operating System
redhat | enterprise_linux_for_ibm_z_systems_eus_s390x | 8.2 | Operating System
redhat | enterprise_linux_for_power_big_endian | 7.0 | Operating System
redhat | enterprise_linux_for_power_little_endian | 7.0 | Operating System
redhat | enterprise_linux_for_power_little_endian | 8.0 | Operating System
redhat | enterprise_linux_for_power_little_endian_eus | 8.1 | Operating System
redhat | enterprise_linux_for_power_little_endian_eus | 8.2 | Operating System
redhat | enterprise_linux_for_power_little_endian_eus | 8.4 | Operating System
redhat | enterprise_linux_for_power_little_endian_eus | 8.6 | Operating System
redhat | enterprise_linux_for_power_little_endian_eus | 8.8 | Operating System
redhat | enterprise_linux_for_scientific_computing | 7.0 | Operating System
redhat | enterprise_linux_server | 7.0 | Operating System
redhat | enterprise_linux_server_aus | 7.2 | Operating System
redhat | enterprise_linux_server_aus | 7.3 | Operating System
redhat | enterprise_linux_server_aus | 7.4 | Operating System
redhat | enterprise_linux_server_aus | 7.6 | Operating System
redhat | enterprise_linux_server_aus | 7.7 | Operating System
redhat | enterprise_linux_server_aus | 8.2 | Operating System
redhat | enterprise_linux_server_aus | 8.4 | Operating System
redhat | enterprise_linux_server_aus | 8.6 | Operating System
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 7.6 | Operating System
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 7.7 | Operating System
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.1 | Operating System
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.2 | Operating System
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.4 | Operating System
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.6 | Operating System
redhat | enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions | 8.8 | Operating System
redhat | enterprise_linux_server_tus | 7.6 | Operating System
redhat | enterprise_linux_server_tus | 7.7 | Operating System
redhat | enterprise_linux_server_tus | 8.2 | Operating System
redhat | enterprise_linux_server_tus | 8.4 | Operating System
redhat | enterprise_linux_server_tus | 8.6 | Operating System
redhat | enterprise_linux_server_tus | 8.8 | Operating System
redhat | enterprise_linux_server_update_services_for_sap_solutions | 7.6 | Operating System
redhat | enterprise_linux_server_update_services_for_sap_solutions | 7.7 | Operating System
redhat | enterprise_linux_update_services_for_sap_solutions | 8.1 | Operating System
redhat | enterprise_linux_update_services_for_sap_solutions | 8.2 | Operating System
redhat | enterprise_linux_update_services_for_sap_solutions | 8.4 | Operating System
redhat | enterprise_linux_update_services_for_sap_solutions | 8.6 | Operating System
redhat | enterprise_linux_update_services_for_sap_solutions | 8.8 | Operating System
redhat | enterprise_linux_workstation | 7.0 | Operating System
redhat | jboss_core_services | 1.0 | Application
redhat | software_collections | 1.0 | Application
apache | http_server | * | Application
fedoraproject | fedora | 34 | Operating System
fedoraproject | fedora | 35 | Operating System
debian | debian_linux | 9.0 | Operating System
debian | debian_linux | 10.0 | Operating System
debian | debian_linux | 11.0 | Operating System
netapp | cloud_backup | - | Application
netapp | clustered_data_ontap | - | Application
netapp | storagegrid | - | Application
broadcom | brocade_fabric_operating_system_firmware | - | Operating System
f5 | f5os | * | Operating System
oracle | enterprise_manager_ops_center | 12.4.0.0 | Application
oracle | http_server | 12.2.1.3.0 | Application
oracle | http_server | 12.2.1.4.0 | Application
oracle | instantis_enterprisetrack | 17.1 | Application
oracle | instantis_enterprisetrack | 17.2 | Application
oracle | instantis_enterprisetrack | 17.3 | Application
oracle | secure_global_desktop | 5.6 | Application
oracle | zfs_storage_appliance_kit | 8.8 | Application
siemens | ruggedcom_nms | * | Application
siemens | sinec_nms | * | Application
siemens | sinema_remote_connect_server | * | Application
siemens | sinema_remote_connect_server | 3.2 | Application
siemens | sinema_server | 14.0 | Application
tenable | tenable.sc | * | Application

Affected Configurations

Each block below is one configuration node of the record. "Yes" marks a CPE that is itself vulnerable; "No" marks a platform CPE (the operating system a vulnerable package is installed on) that is listed for matching purposes but is not the vulnerable product.

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:resf:rocky_linux:8.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:8.1:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:8.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:8.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_eus:8.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_arm_64_eus:8.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:7.0_s390x:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.1:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus:8.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems_eus_s390x:8.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_big_endian:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.1:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian_eus:8.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_for_scientific_computing:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.3:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:7.7:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:8.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:8.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_aus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_for_power_little_endian_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:7.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:7.7:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:8.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:8.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_tus:8.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_server_update_services_for_sap_solutions:7.7:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.1:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.2:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.4:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.6:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_update_services_for_sap_solutions:8.8:*:*:*:*:*:*:*
Yes cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:redhat:jboss_core_services:1.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:o:redhat:enterprise_linux:7.0:*:*:*:*:*:*:*
No cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:redhat:software_collections:1.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
No cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
No cpe:2.3:o:redhat:enterprise_linux_server_workstation:7.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
Yes cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Yes cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:netapp:cloud_backup:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
Yes cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
Yes cpe:2.3:o:broadcom:brocade_fabric_operating_system_firmware:-:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:o:f5:f5os:*:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:http_server:12.2.1.3.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:http_server:12.2.1.4.0:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:instantis_enterprisetrack:17.1:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:instantis_enterprisetrack:17.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:instantis_enterprisetrack:17.3:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:secure_global_desktop:5.6:*:*:*:*:*:*:*
Yes cpe:2.3:a:oracle:zfs_storage_appliance_kit:8.8:*:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:siemens:ruggedcom_nms:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:siemens:sinec_nms:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:siemens:sinema_remote_connect_server:*:*:*:*:*:*:*:*
Yes cpe:2.3:a:siemens:sinema_remote_connect_server:3.2:*:*:*:*:*:*:*
Yes cpe:2.3:a:siemens:sinema_server:14.0:-:*:*:*:*:*:*

Operator: OR

Vulnerable CPE
Yes cpe:2.3:a:tenable:tenable.sc:*:*:*:*:*:*:*:*
