PT-2024-4830 · Apache+2 · Apache Http Server+2
Orange Tsai · Published 2024-07-01 · Updated 2025-08-12
CVE-2024-38472
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions:
Apache HTTP Server versions prior to 2.4.60
Description:
The issue is a Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows that can potentially leak NTLM hashes to a malicious server through malicious requests or content. Existing configurations that access UNC paths will have to configure the new directive "UNCList" to allow access during request processing.
Recommendations:
To resolve the issue, users are recommended to upgrade to version 2.4.60, which fixes this problem.
Existing configurations that access UNC paths should configure the new directive "UNCList" to allow access during request processing.
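Before upgrading, it helps to know which UNC hosts a configuration already depends on, since those are the ones that must be listed. The following is an added example, not code from Apache or from this advisory: a small audit that reports UNC hosts referenced in a config but not covered by UNCList. It assumes the documented `UNCList hostname [hostname ...]` syntax and case-insensitive host comparison; the function name, host names and sample config are constructed, and `Include`d files are not followed.

```python
import re

# UNC path in either slash style (//host/share or \\host\share).
# The lookbehind skips URL schemes such as http://host/path.
UNC_RE = re.compile(r'(?<![:\w/\\])(?:\\\\|//)([A-Za-z0-9._-]+)[\\/]+[^\s"\']+')

def audit_unc_hosts(conf_text):
    """Return (allowed, missing).

    allowed: set of hosts named by UNCList directives.
    missing: {host: [line numbers]} for UNC hosts not in UNCList.
    """
    allowed, referenced = set(), {}
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith('#'):
            continue
        parts = line.split()
        if parts[0].lower() == 'unclist':  # directive names are case-insensitive
            allowed.update(h.lower() for h in parts[1:])
            continue
        for m in UNC_RE.finditer(line):
            referenced.setdefault(m.group(1).lower(), []).append(lineno)
    missing = {h: ln for h, ln in referenced.items() if h not in allowed}
    return allowed, missing

# Constructed httpd.conf fragment for illustration only.
SAMPLE_CONF = r'''
# constructed example
UNCList fs01.example.internal
DocumentRoot "//fs01.example.internal/web/htdocs"
<Directory "//fs01.example.internal/web/htdocs">
    Require all granted
</Directory>
Alias /reports "//reports.example.internal/share/out"
ProxyPass /api http://backend.example.internal/api
'''

if __name__ == '__main__':
    allowed, missing = audit_unc_hosts(SAMPLE_CONF)
    print('UNCList hosts:', sorted(allowed))
    for host, lines in sorted(missing.items()):
        print(f'not in UNCList: {host} (config lines {lines})')
```

Hosts reported as missing will stop being reachable during request processing after the upgrade unless they are added to UNCList; hosts that nobody recognises should be investigated rather than added.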
Exploit
Fix
SSRF
Affected Products
Alt Linux
Apache Http Server
Red Os