CVE-2024-40898

Severity CVSS v4.0:
Pending analysis
Type:
CWE-918 Server-Side Request Forgery (SSRF)
Publication date:
18/07/2024
Last modified:
08/08/2024

Description

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.<br /> <br /> Users are recommended to upgrade to version 2.4.62 which fixes this issue. 

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* 2.4.62 (excluding)
cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*


References to Advisories, Solutions, and Tools