Description
Apache mod_proxy allows an unauthenticated attacker to send arbitrary values in the request uri-path and interact with internal network resources which is otherwise not accessible externally. An attacker may use this feature to perform SSRF (server-side request forgery) attacks on the server.
Remediation
Upgrade to the latest version of Apache HTTP Server
References
Related Vulnerabilities
Apache Struts2 remote code execution vulnerability
WordPress Plugin JSM file_get_contents() Shortcode Server-Side Request Forgery (2.7.0)
WordPress Plugin All in One Social Lite Server-Side Request Forgery (1.0)
WordPress Plugin RSVPMaker Server-Side Request Forgery (8.7.2)
WordPress Plugin Craw Data Server-Side Request Forgery (1.0.0)