Apache HTTP Server Vulnerability Could Leak NTML Hashes
CVE-2024-38472
Currently unrated 🤨
Summary
SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.
Affected Version(s)
Apache HTTP Server <= 2.4.59
Timeline
Vulnerability published.
Vulnerability Reserved.
reported
Collectors
NVD DatabaseMitre Database
Credit
Orange Tsai (@orange_8361) from DEVCORE