SERVER-APACHE -- Snort has detected traffic exploiting vulnerabilities in Apache servers.
SERVER-APACHE Apache HTTP server SSRF attempt
Detects cve-2021-40438
This rule detects a server-side request forgery (SSRF) vulnerability is affecting Apache HTTP Server 2.4.48 and earlier versions. The vulnerability resides in mod_proxy and allows remote, unauthenticated attackers to force vulnerable HTTP servers to forward requests to arbitrary servers—giving them the ability to obtain or tamper with resources that would potentially otherwise be unavailable to them.
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
Server-Side Request Forgery
Server-Side Request Forgery (SSRF) attackers abuse functionality on the server to read or update internal resources. The attacker can supply or modify a URL for the server to read or submit data to. By carefully selecting the URLs, the attacker may be able to read server configuration such as AWS metadata, connect to internal services like http enabled databases or perform post requests for internal services which are not intended to be exposed.
CVE-2021-40438 |
Loading description
|
Tactic: Initial Access
Technique: Exploit Public-Facing Application
For reference, see the MITRE ATT&CK vulnerability types here: https://attack.mitre.org
©2024 Cisco and/or its affiliates. Snort, the Snort and Pig logo are registered trademarks of Cisco. All rights reserved.
