BIT-apache-2024-38472

BIT-apache-2024-38472 PUBLISHED CVSS 7.5 HIGH

SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Affected Products

Vendor	Product	Versions
Bitnami	apache	2.4.0, 2.4.0, 2.4.0

Timeline

Jul 3, 2024 CVE Published
Jul 13, 2024 CVE Updated

References

https://httpd.apache.org/security/vulnerabilities_24.html url
https://security.netapp.com/advisory/ntap-20240712-0001/ url

Open in Interactive Console →