From ec94648cc19e0a47e41037f0138894167bb352ce Mon Sep 17 00:00:00 2001 From: wzz1201 Date: Sun, 21 May 2023 06:00:49 +0000 Subject: [PATCH] =?UTF-8?q?=E4=B8=8A=E4=BC=A0CVE-2021-40438.yaml?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: wzz1201 --- .../2021/yaml/CVE-2021-40438.yaml | 20 +++++++++++++++++++ 1 file changed, 20 insertions(+) create mode 100644 cve/apache-Httpd/2021/yaml/CVE-2021-40438.yaml diff --git a/cve/apache-Httpd/2021/yaml/CVE-2021-40438.yaml b/cve/apache-Httpd/2021/yaml/CVE-2021-40438.yaml new file mode 100644 index 00000000..227cb867 --- /dev/null +++ b/cve/apache-Httpd/2021/yaml/CVE-2021-40438.yaml @@ -0,0 +1,20 @@ +id: CVE-2021-40438 +source: https://github.com/Kashkovsky/CVE-2021-40438 +info: + name: Apache HTTP Server(简称 Apache)是开源的 Web 服务器,可以在大多数计算机操作系统中运行,由于其多平台和安全性被广泛使用,是最流行的 Web 服务器端软件之一。它快速、可靠并且可通过简单的 API 扩展,将 Perl/Python 等解释器编译到服务器中。 + severity: critical + description: | + Apache HTTP Server是Apache基金会开源的一款流行的HTTP服务器。在其2.4.48及以前的版本中,mod_proxy模块存在一处逻辑错误导致攻击者可以控制反向代理服务器的地址,进而导致SSRF漏洞。 + scope-of-influence: + Apache HTTP Server ≤ 2.4.48 + reference: + - https://nvd.nist.gov/vuln/detail/CVE-2021-40438 + - https://blog.csdn.net/weixin_44047654/article/details/128202120?ops_request_misc=%257B%2522request%255Fid%2522%253A%2522168396995416800197070811%2522%252C%2522scm%2522%253A%252220140713.130102334..%2522%257D&request_id=168396995416800197070811&biz_id=0&utm_medium=distribute.pc_search_result.none-task-blog-2~all~sobaiduend~default-1-128202120-null-null.142^v87^control_2,239^v2^insert_chatgpt&utm_term=cve-2021-40438&spm=1018.2226.3001.4187 + classification: + cvss-metrics: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H + cvss-score: 9.0 + cve-id: CVE-2021-40438 + cwe-id: CWE-22 + cnvd-id: None + kve-id: None + tags: cve2021, apache-Httpd \ No newline at end of file
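Review bot: `cwe-id: CWE-22` under `classification` does not match the `description`, which calls the flaw an SSRF in mod_proxy where the attacker controls the reverse-proxy target. CWE-22 is path traversal; the SSRF class is CWE-918, so the field should read `cwe-id: CWE-918`. The `name` field holds a general paragraph about Apache HTTP Server rather than a short title for the vulnerability; replace it with a one-line name for the mod_proxy SSRF and, if the product background is wanted, move it into `description`. The second `reference` entry keeps its search-tracking query string (`?ops_request_misc=...`); trimming it to the article path ending in `/details/128202120` gives a stable link. `scope-of-influence` is written as a bare scalar on a continuation line while `description` uses a `|` block; pick one form for consistency with the other entries in the repository. The file also ends without a trailing newline.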