Vulnerability in Apache HTTP Server Could Leak NTML Hashes to Malicious Servers

CVE-2024-40898

7.5HIGH

Key Information

Vendor: Apache
Status: Apache Http Server
Vendor: CVE Published:; 18 July 2024

Badges

📰 News Worthy

Summary

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.

Users are recommended to upgrade to version 2.4.62 which fixes this issue.

Affected Version(s)

Apache HTTP Server <= 2.4.61

News Articles

TechRadar

CVE-2024-40725 CVE-2024-40898

These vulnerabilities in Apache HTTP Server enable HTTP Request Smuggling and SSL Authentication Bypass, posing severe threats to organizations worldwide

PoC exploit codes are available for both vulnerabilities

3 months ago

cyfirma

CVE-2024-40725 CVE-2024-40898

CVE-2024-40725 and CVE-2024-40898 Vulnerabilities in Apache’s HTTP Server : Vulnerability Analysis and Exploitation - CYFIRMA

Published On : 2024-09-11 EXECUTIVE SUMMARY CVE-2024-40725 and CVE-2024-40898 are vulnerabilities in Apache’s HTTP Server. CVE-2024-40725 affects the mod_proxy module, where enabling the ProxyPass...

4 months ago

References

https://httpd.apache.org/security/vulnerabilities_24.html

vendor-advisory

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

📰
First article discovered by cyfirma
Sep 11, 2024
Vulnerability published
Jul 18, 2024
Vulnerability Reserved
Jul 12, 2024

Collectors

NVD DatabaseMitre Database2 News Article(s)

Credit

Smi1e (DBAPPSecurity Ltd.)

xiaojunjie (DBAPPSecurity Ltd.)