CVE-2024-40898

State: PUBLISHED · Published: 2024-07-18 · Updated: 2024-09-13 · Assigner: apache

Description

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue.

CWE

CWE-918 — CWE-918 Server-Side Request Forgery (SSRF)

Affected

Apache Software Foundation / Apache HTTP Server — v=2.4.0 ≤2.4.61 [affected]

CVSS

(none)

References

https://httpd.apache.org/security/vulnerabilities_24.html vendor-advisory

Source

cvelistV5-main/cves/2024/40xxx/CVE-2024-40898.json