CVE-2024-38472: SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.

Kurzinfo

Veroeffentlicht: 2024-07-01 00:00 UTC Importiert: 2026-05-14 20:48 UTC CVSS: 7.5 Quelle-ID: apache_httpd_sec uid_hash: 58c8496ce80cb168c8f58a5d17c7ef930223e94af84a5b45993abebd05e422b8
Apache HTTP Server Security (httpd.org JSON)

Verknuepfte CVEs

CVE-ID Severity (CVE.org) CVSS (CVE.org) EPSS EPSS-% Veroeffentlicht (CVE.org)

CVE-2024-38472

 HIGH 7.5 - - 2024-07-01

Quellen-Details

Bezeichnung Name Kategorie Tags Zielgruppe Sprache Feed-URL
Apache HTTP Server Security (httpd.org JSON)

apache_httpd_sec

 vendor_advisory webserver, httpd - de https://httpd.apache.org/security/vulnerabilities-httpd.json
Zurueck zur Eintrags-Liste