Actively Exploited in the Wild

This vulnerability is being actively exploited in the wild.

Apache HTTP Server mod_proxy Server-Side Request Forgery Vulnerability

Vulnerability

A server-side request forgery (SSRF) vulnerability has been identified in the Apache HTTP Server's mod_proxy component. This vulnerability allows an attacker to craft a request that is forwarded to an arbitrary origin server of their choice. The issue affects Apache HTTP Server versions 2.4.48 and earlier.

Impact

Exploitation of this vulnerability could lead to unauthorized requests being sent to internal or external servers, potentially causing data exposure or manipulation.

Reproduction

To reproduce this vulnerability, send a crafted request with a specific URI path that mod_proxy will forward to a chosen origin server. This can be done by exploiting the proxying capabilities of the server, directing requests to unintended destinations.

Remediation

Users are advised to upgrade to Apache HTTP Server version 2.4.50 or later, where this vulnerability has been fixed.
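An added example, not part of the advisory or the Apache project's code: a triage helper that applies the version thresholds stated above to `httpd -v` and `httpd -M` output collected from each host. The host names and sample outputs are constructed, and the verdict labels are this example's own.

```python
import re

# Thresholds as stated in the advisory text above.
LAST_AFFECTED = (2, 4, 48)  # "versions 2.4.48 and earlier"
FIRST_ADVISED = (2, 4, 50)  # "upgrade to ... 2.4.50 or later"

VERSION_RE = re.compile(r"Apache/(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Extract (major, minor, patch) from `httpd -v` output or a Server header."""
    m = VERSION_RE.search(text)
    return tuple(int(p) for p in m.groups()) if m else None

def proxy_loaded(modules_text):
    """True if `httpd -M` output lists mod_proxy itself (proxy_module)."""
    return any(line.split()[:1] == ["proxy_module"]
               for line in modules_text.splitlines())

def triage(version_text, modules_text):
    """Classify one host; the labels are this example's own, not the advisory's."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"  # banner suppressed or not Apache httpd: check by hand
    if version >= FIRST_ADVISED:
        return "at-advised-version"
    if version > LAST_AFFECTED:
        return "upgrade-advised"  # 2.4.49: between the two stated thresholds
    if proxy_loaded(modules_text):
        return "affected"
    return "affected-version-proxy-not-loaded"

# Constructed sample inventory: (host, `httpd -v` output, `httpd -M` output).
SAMPLE_HOSTS = [
    ("web-01", "Server version: Apache/2.4.48 (Unix)",
     "Loaded Modules:\n core_module (static)\n proxy_module (shared)\n proxy_http_module (shared)"),
    ("web-02", "Server version: Apache/2.4.46 (Unix)",
     "Loaded Modules:\n core_module (static)\n rewrite_module (shared)"),
    ("web-03", "Server version: Apache/2.4.49 (Unix)",
     "Loaded Modules:\n core_module (static)\n proxy_module (shared)"),
    ("web-04", "Server version: Apache/2.4.51 (Unix)",
     "Loaded Modules:\n core_module (static)\n proxy_module (shared)"),
]

def triage_inventory(hosts):
    return {host: triage(v, m) for host, v, m in hosts}

if __name__ == "__main__":
    for host, verdict in triage_inventory(SAMPLE_HOSTS).items():
        print(f"{host}: {verdict}")
```

Distribution packages often backport fixes without changing the upstream version string, so confirm an "affected" verdict against the vendor's package changelog before scheduling the upgrade.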

Added: May 14, 2026, 6:24 AM
Updated: May 14, 2026, 6:24 AM

Vulnerability Rating

Custom Algorithm
spread: 9.4
impact: 0.4
exploitability: 8.7
remediation: 8.3
relevance: 0.0
threat: 9.9
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.