First published: Wed Jul 17 2024
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context allows an attacker to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62, which fixes this issue.
Credit: security@apache.org
Affected Software | Affected Version | How to fix |
---|---|---|
All of | | |
Apache HTTP Server | <2.4.62 | |
Microsoft Windows Operating System | | |
CVE-2024-40898 is considered a high severity vulnerability due to the potential exposure of NTLM hashes.
To fix CVE-2024-40898, users should upgrade to Apache HTTP Server version 2.4.62 or later.
CVE-2024-40898 is an SSRF (Server-Side Request Forgery) vulnerability in Apache HTTP Server with mod_rewrite.
CVE-2024-40898 affects Apache HTTP Server running on Microsoft Windows environments.
An attacker exploiting CVE-2024-40898 can potentially leak NTLM hashes to a malicious server via crafted requests.
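A triage check for the affected conditions listed above (Apache HTTP Server below 2.4.62, on Windows, with mod_rewrite), as an added example that is not from the advisory or the Apache project. It parses the text printed by `httpd -v` and `httpd -M`; the status labels and the sample outputs are constructed for illustration.

```python
import re

FIXED = (2, 4, 62)  # first fixed release according to the advisory

def parse_httpd_version(v_output):
    """Return ((major, minor, patch), platform_tag) from `httpd -v` text."""
    m = re.search(r"Apache/(\d+)\.(\d+)\.(\d+)(?:\s+\(([^)]*)\))?", v_output)
    if not m:
        return None, ""
    return tuple(int(x) for x in m.group(1, 2, 3)), (m.group(4) or "")

def rewrite_loaded(m_output):
    """True if `httpd -M` text lists mod_rewrite (static or shared)."""
    return re.search(r"^\s*rewrite_module\s+\((?:static|shared)\)",
                     m_output, re.M) is not None

def triage(v_output, m_output):
    """Classify one host against the advisory's affected conditions."""
    version, platform = parse_httpd_version(v_output)
    if version is None:
        return "unknown"                    # banner not recognised
    if version >= FIXED:
        return "fixed"
    if not platform.lower().startswith("win"):
        return "platform-not-affected"      # advisory is Windows-only
    if rewrite_loaded(m_output):
        # Module presence only: whether rules sit in server/vhost
        # context still needs a look at the configuration itself.
        return "affected"
    return "old-version-no-mod-rewrite"     # upgrade still recommended

# Constructed sample outputs (not captured from a real host).
SAMPLE_V_WIN = "Server version: Apache/2.4.59 (Win64)\nServer built:   Apr  3 2024"
SAMPLE_V_FIXED = "Server version: Apache/2.4.62 (Win64)"
SAMPLE_V_UNIX = "Server version: Apache/2.4.59 (Unix)"
SAMPLE_M = "Loaded Modules:\n core_module (static)\n rewrite_module (shared)\n"
SAMPLE_M_NO_RW = "Loaded Modules:\n core_module (static)\n alias_module (shared)\n"

if __name__ == "__main__":
    for name, v, mods in [("win-old", SAMPLE_V_WIN, SAMPLE_M),
                          ("win-new", SAMPLE_V_FIXED, SAMPLE_M),
                          ("unix-old", SAMPLE_V_UNIX, SAMPLE_M)]:
        print(name, triage(v, mods))
```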