CVE-2024-38472

State: PUBLISHED · Published: 2024-07-01 · Updated: 2024-11-18 · Assigner: apache

Description

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.

CWE

CWE-918 — CWE-918 Server-Side Request Forgery (SSRF)

Affected

Apache Software Foundation / Apache HTTP Server — v=2.4.0 ≤2.4.59 [affected]

CVSS

(none)

References

https://httpd.apache.org/security/vulnerabilities_24.html vendor-advisory

Source

cvelistV5-main/cves/2024/38xxx/CVE-2024-38472.json