SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content
Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.
References
Configurations
No configuration.
History
18 Nov 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
Summary | (en) SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing. | |
References |
|
12 Jul 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Jul 2024, 16:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
02 Jul 2024, 12:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 Jul 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-01 19:15
Updated : 2024-11-18 09:15
NVD link : CVE-2024-38472
Mitre link : CVE-2024-38472
CVE.ORG link : CVE-2024-38472
JSON object : View
Products Affected
No product.
CWE
CWE-918
Server-Side Request Forgery (SSRF)