PT-2025-29115 · Apache+2 · Apache Http Server+2

Published: 2025-07-10 · Updated: 2025-12-26 · CVE-2024-43394

CVSS v2.0: 7.8 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:N/A:N
Name of the Vulnerable Software and Affected Versions: Apache HTTP Server versions 2.4.0 through 2.4.63
Description: A Server-Side Request Forgery (SSRF) issue exists in Apache HTTP Server on Windows. It potentially allows NTLM hashes to leak to a malicious server via mod_rewrite or Apache expressions that process unvalidated request input. The server offers limited protection against administrators directing it to open UNC paths. Windows servers should limit the hosts they will connect to over SMB based on the nature of NTLM authentication.
Recommendations: Update to a version later than 2.4.63.

Fix

SSRF

Weakness Enumeration

Related Identifiers

BDU:2025-08951
BIT-APACHE-2024-43394
CVE-2024-43394
DLA-4270-1
OPENSUSE-SU-2025:15360-1

Affected Products

Apache Http Server
Red Os
Windows