Apache HTTP Server Vulnerability Could Leak NTML Hashes

CVE-2024-38472

Currently unrated 🤨

Key Information

Vendor: Apache
Status: Apache Http Server
Vendor: CVE Published:; 1 July 2024

Summary

SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.

Affected Version(s)

Apache HTTP Server <= 2.4.59

Timeline

Vulnerability published.
Jul 1, 2024
Vulnerability Reserved.
Jun 17, 2024
reported
Apr 1, 2024

Collectors

NVD DatabaseMitre Database

Credit

Orange Tsai (@orange_8361) from DEVCORE

.