Xiaojunjie

#13879 of 53,635
19.4 Total CVSS
Vulnerabilities · 2
Critical
2
PT-2024-4844
10
2024-07-17
Apache · Apache Http Server · CVE-2024-40898
**Name of the Vulnerable Software and Affected Versions** Apache HTTP Server versions prior to 2.4.62 **Description** The issue is a Server-Side Request Forgery (SSRF) vulnerability in the mod_rewrite module of the Apache HTTP Server on Windows. A remote attacker can exploit it to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests. The problem is caused by insufficient validation of incoming requests. **Recommendations** For versions prior to 2.4.62, upgrade to version 2.4.62, which fixes this issue. As a temporary workaround, consider restricting access to the mod_rewrite module to minimize the risk of exploitation.
PT-2023-8860
9.4
2023-10-12
Zabbix · Zabbix · CVE-2023-32723
**Name of the Vulnerable Software and Affected Versions** Zabbix (affected versions not specified) **Description** The issue is related to incorrect permission assignment for a critical resource in the Zabbix universal monitoring system agent. This can allow a remote attacker to execute arbitrary code. A request to LDAP is sent before user permissions are checked. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.