CVE-2024-43394
Severity CVSS v4.0:
Pending analysis
Type:
CWE-918
Server-Side Request Forgery (SSRF)
Publication date:
10/07/2025
Last modified:
10/07/2025
Description
Server-Side Request Forgery (SSRF) in Apache HTTP Server on Windows allows NTLM hashes to potentially be leaked to a malicious server via mod_rewrite or Apache expressions that pass unvalidated request input.

This issue affects Apache HTTP Server: from 2.4.0 through 2.4.63.

Note: The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths.

The server offers limited protection against administrators directing the server to open UNC paths.
Windows servers should limit the hosts they will connect to via SMB based on the nature of NTLM authentication.