Apache HTTP Server Vulnerability Could Leak NTLM Hashes
CVE-2024-38472

Currently unrated

Key Information:

Vendor
Apache
CVE Published:
1 July 2024

What is CVE-2024-38472?

CVE-2024-38472 is a vulnerability in the Apache HTTP Server that specifically affects its operation on Windows systems. It stems from a server-side request forgery (SSRF) flaw that could lead to the leakage of NTLM hashes to malicious servers through crafted requests or malicious content. The Apache HTTP Server is widely used web server software that plays a crucial role in hosting web applications and services. Organizations operating affected versions are at risk of exposing sensitive authentication information, which could facilitate unauthorized access, compromise of systems, or wider network breaches.

Technical Details

This vulnerability arises from a weakness in how the Apache HTTP Server handles requests that access UNC paths. An attacker who exploits it can manipulate requests so that server processing is redirected and unintended information, specifically NTLM hashes, may be sent to an external attacker-controlled server. To mitigate this vulnerability, users are advised to upgrade to Apache HTTP Server version 2.4.60 or higher. Additionally, existing configurations that access UNC paths will require a new directive, "UNCList", to keep functioning and to mitigate risk during request processing.
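A pre-upgrade audit for the mitigation described above, as an added example (not Apache's or this page's own code): it checks a version against the affected range this page lists and reports UNC hosts referenced in a configuration that no "UNCList" line covers. The space-separated host-name syntax for UNCList, the single-file scope (no Include handling) and the function names are assumptions; the sample configuration is constructed.

```python
import re

# UNC path as written in httpd.conf on Windows: //host/share or \\host\share.
# Requiring whitespace or a quote before it keeps URLs such as http://host/ out.
UNC_RE = re.compile(r"""(?:^|[\s"'])(?://|\\\\)([A-Za-z0-9._-]+)[/\\][^\s"']+""")

def is_affected(version: str) -> bool:
    """True for the range listed on the page: 2.4.0 <= version <= 2.4.59."""
    parts = tuple(int(p) for p in version.split("."))
    return (2, 4, 0) <= parts <= (2, 4, 59)

def audit_unc(conf_text: str) -> dict:
    """Collect UNC hosts used by directives, hosts allowed by UNCList, and the gap."""
    allowed, used = set(), {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        words = line.split()
        if words[0].lower() == "unclist":  # assumed syntax: UNCList host [host ...]
            allowed.update(h.lower() for h in words[1:])
            continue
        for m in UNC_RE.finditer(line):
            used.setdefault(m.group(1).lower(), []).append(lineno)
    # Computed after the full pass, so UNCList may appear anywhere in the file.
    missing = {h: n for h, n in used.items() if h not in allowed}
    return {"allowed": allowed, "used": used, "missing": missing}

# Constructed sample configuration (hypothetical hosts and paths).
SAMPLE_CONF = r'''
# constructed sample
ServerRoot "C:/Apache24"
DocumentRoot "//fileserver01/webroot"
Alias /reports "\\reports-nas\export\html"
<Directory "//fileserver01/webroot">
    Require all granted
</Directory>
UNCList fileserver01
ProxyPass /app http://127.0.0.1:8080/
'''

if __name__ == "__main__":
    print("2.4.59 affected:", is_affected("2.4.59"))
    for host, lines in audit_unc(SAMPLE_CONF)["missing"].items():
        print(f"UNC host {host!r} (lines {lines}) is not covered by UNCList")
```

Hosts reported as missing are the ones whose paths would need a UNCList entry after the upgrade to 2.4.60 or higher.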

Potential Impact of CVE-2024-38472

  1. Data Leakage: The primary impact involves the potential leakage of sensitive NTLM hashes, which are used in authentication processes. This exposure can lead to credential theft and increased vulnerability to further attacks.

  2. Unauthorized Access: By compromising NTLM hashes, attackers can gain unauthorized access to network resources, enabling them to escalate privileges within an organization. This can facilitate lateral movement across the network, increasing the overall risk profile for the organization.

  3. Increased Attack Surface: As this vulnerability could be exploited in various scenarios, it broadens the attack surface, making it easier for threat actors to initiate further exploits or attacks, including ransomware intrusions and other malicious activities.

Affected Version(s)

Apache HTTP Server 2.4.0 <= 2.4.59

Collectors

NVD Database, Mitre Database

Credit

Orange Tsai (@orange_8361) from DEVCORE