OSG-SEC-2021-11-03 HIGH severity vulnerability in Apache HTTP mod_proxy
Dear OSG Security Contacts,
A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd (CVE-2021-40438). The OSG Security Team considers this vulnerability to be of HIGH severity for affected systems.
mod_proxy on Apache HTTP Server 2.4.48 and earlier
WHAT ARE THE VULNERABILITIES:
A Server-Side Request Forgery (SSRF) flaw was found in mod_proxy of httpd. This flaw allows a remote, unauthenticated attacker to make the httpd server forward requests to an arbitrary server. The attacker could get, modify, or delete resources on other services that may be behind a firewall and inaccessible otherwise. The impact of this flaw varies based on what services and resources are available on the httpd network. 
WHAT YOU SHOULD DO:
Sites should update as soon as possible. For updated packages and installation information, see below.
For sites running RHEL 8/7 and CentOS see 
For sites running Debian see 
For sites running Ubuntu see 
For sites running Scientific Linux see 
Please contact the OSG security team at secu[email protected] if you have any questions or concerns.
OSG Security Team
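The following triage check is an added example, not part of the OSG advisory or any vendor tooling. It parses `httpd -v` and `httpd -M` output and reports whether a host is in the range the advisory names (2.4.48 and earlier) with mod_proxy loaded. The function names, verdict strings and sample output are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: triage check for the range named in this advisory
# (Apache HTTP Server 2.4.48 and earlier, with mod_proxy loaded).
# Distribution packages can carry a backported fix under an older upstream
# version number, so an "affected-range" verdict means "confirm against the
# vendor's package advisory", not "confirmed vulnerable".

# Extract the dotted version from `httpd -v` (or `apache2 -v`) output.
httpd_version() {
    printf '%s\n' "$1" |
        sed -n 's|^Server version: Apache/\([0-9][0-9.]*\).*|\1|p' | head -n 1
}

# Succeed if dotted version $1 <= $2, comparing each field numerically.
version_le() {
    lowest=$(printf '%s\n%s\n' "$1" "$2" |
        sort -t. -k1,1n -k2,2n -k3,3n | head -n 1)
    [ "$lowest" = "$1" ]
}

# Succeed if the `httpd -M` listing in $1 contains mod_proxy itself.
proxy_loaded() {
    printf '%s\n' "$1" | grep -q '^[[:space:]]*proxy_module[[:space:]]'
}

# assess "<httpd -v output>" "<httpd -M output>": print one verdict word.
assess() {
    ver=$(httpd_version "$1")
    if [ -z "$ver" ]; then echo "unknown"; return 0; fi
    if ! version_le "$ver" "2.4.48"; then echo "outside-affected-range"; return 0; fi
    if proxy_loaded "$2"; then
        echo "affected-range-proxy-loaded"
    else
        echo "affected-range-proxy-not-loaded"
    fi
}

# Constructed sample input, not captured from a real host.
SAMPLE_V='Server version: Apache/2.4.46 (Unix)
Server built:   Jan  1 2021 00:00:00'
SAMPLE_M='Loaded Modules:
 core_module (static)
 proxy_module (shared)
 proxy_http_module (shared)'

assess "$SAMPLE_V" "$SAMPLE_M"
# On a real host: assess "$(httpd -v)" "$(httpd -M 2>/dev/null)"
```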