PT-2024-4844 · Apache+1 · Apache Http Server+1

Smi1E +1 · Published 2024-07-17 · Updated 2026-01-22 · CVE-2024-40898

CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions prior to 2.4.62
Description: The issue is a Server-Side Request Forgery (SSRF) vulnerability in the mod_rewrite module of the Apache HTTP Server on Windows. A remote attacker can exploit it to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests. The problem is caused by insufficient validation of incoming requests.
Recommendations: For versions prior to 2.4.62, upgrade to version 2.4.62, which fixes this issue. As a temporary workaround, consider restricting access to the mod_rewrite module to minimize the risk of exploitation.

Exploit · Fix · SSRF

Weakness Enumeration

Related Identifiers

BDU:2024-05368
BIT-APACHE-2024-40898
CVE-2024-40898
MGASA-2024-0272
OPENSUSE-SU-2024:14245-1

Affected Products

Apache Http Server
Red Os