A crafted request uri-path can cause mod_proxy to forward the request to an origin server choosen by the remote user. This issue affects Apache HTTP Server 2.4.48 and earlier.
The web server receives a URL or similar request from an upstream component and retrieves the contents of this URL, but it does not sufficiently ensure that the request is being sent to the expected destination.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http_server | Apache | * | 2.4.48 (including) |
| JBoss Core Services for RHEL 8 | RedHat | jbcs-httpd24-httpd-0:2.4.37-76.el8jbcs | * |
| JBoss Core Services for RHEL 8 | RedHat | jbcs-httpd24-mod_cluster-native-0:1.3.16-7.Final_redhat_2.el8jbcs | * |
| JBoss Core Services for RHEL 8 | RedHat | jbcs-httpd24-mod_http2-0:1.15.7-19.el8jbcs | * |
| JBoss Core Services for RHEL 8 | RedHat | jbcs-httpd24-mod_jk-0:1.2.48-18.redhat_1.el8jbcs | * |
| JBoss Core Services for RHEL 8 | RedHat | jbcs-httpd24-mod_md-1:2.0.8-38.el8jbcs | * |
| JBoss Core Services for RHEL 8 | RedHat | jbcs-httpd24-mod_security-0:2.9.2-65.GA.el8jbcs | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-httpd-0:2.4.37-76.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-mod_cluster-native-0:1.3.16-7.Final_redhat_2.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-mod_http2-0:1.15.7-19.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-mod_jk-0:1.2.48-18.redhat_1.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-mod_md-1:2.0.8-38.jbcs.el7 | * |
| JBoss Core Services on RHEL 7 | RedHat | jbcs-httpd24-mod_security-0:2.9.2-65.GA.jbcs.el7 | * |
| Red Hat Enterprise Linux 7 | RedHat | httpd-0:2.4.6-97.el7_9.1 | * |
| Red Hat Enterprise Linux 7.2 Advanced Update Support | RedHat | httpd-0:2.4.6-40.el7_2.7 | * |
| Red Hat Enterprise Linux 7.3 Advanced Update Support | RedHat | httpd-0:2.4.6-45.el7_3.6 | * |
| Red Hat Enterprise Linux 7.4 Advanced Update Support | RedHat | httpd-0:2.4.6-67.el7_4.7 | * |
| Red Hat Enterprise Linux 7.6 Advanced Update Support | RedHat | httpd-0:2.4.6-89.el7_6.2 | * |
| Red Hat Enterprise Linux 7.6 Telco Extended Update Support | RedHat | httpd-0:2.4.6-89.el7_6.2 | * |
| Red Hat Enterprise Linux 7.6 Update Services for SAP Solutions | RedHat | httpd-0:2.4.6-89.el7_6.2 | * |
| Red Hat Enterprise Linux 7.7 Advanced Update Support | RedHat | httpd-0:2.4.6-90.el7_7.1 | * |
| Red Hat Enterprise Linux 7.7 Telco Extended Update Support | RedHat | httpd-0:2.4.6-90.el7_7.1 | * |
| Red Hat Enterprise Linux 7.7 Update Services for SAP Solutions | RedHat | httpd-0:2.4.6-90.el7_7.1 | * |
| Red Hat Enterprise Linux 8 | RedHat | httpd:2.4-8040020211008164252.522a0ee4 | * |
| Red Hat Enterprise Linux 8.1 Extended Update Support | RedHat | httpd:2.4-8010020211008125020.c27ad7f8 | * |
| Red Hat Enterprise Linux 8.2 Extended Update Support | RedHat | httpd:2.4-8020020211008164029.4cda2c84 | * |
| Red Hat JBoss Core Services 1 | RedHat | jbcs-httpd24-httpd | * |
| Red Hat Software Collections for Red Hat Enterprise Linux 7 | RedHat | httpd24-httpd-0:2.4.34-22.el7.1 | * |
| Apache2 | Ubuntu | bionic | * |
| Apache2 | Ubuntu | devel | * |
| Apache2 | Ubuntu | esm-infra/xenial | * |
| Apache2 | Ubuntu | focal | * |
| Apache2 | Ubuntu | hirsute | * |
| Apache2 | Ubuntu | impish | * |
| Apache2 | Ubuntu | jammy | * |
| Apache2 | Ubuntu | trusty | * |
| Apache2 | Ubuntu | upstream | * |
| Apache2 | Ubuntu | xenial | * |