CVSSv3: 7.5

CVE-2024-40898

Published: 18/07/2024 Updated: 21/11/2024

Vulnerability Summary

SSRF Vulnerability in Apache HTTP Server Leads to NTLM Hash Leak

A Server-Side Request Forgery (SSRF) issue exists in Apache HTTP Server on Windows when using mod_rewrite in the server/vhost context. This flaw may leak NTLM hashes to a malicious server through SSRF and bad requests. Users are advised to upgrade to version 2.4.62 to solve this problem.

Vulnerable Product

apache http server

Mailing Lists

Severity: important
Affected versions: Apache HTTP Server 2.4.0 through 2.4.61
Description: SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue ...

Github Repositories

CVE-2024-40725 and CVE-2024-40898, affecting Apache HTTP Server versions 2.4.0 through 2.4.61. These flaws pose significant risks to web servers worldwide, potentially leading to source code disclosure and server-side request forgery (SSRF) attacks.

🚨Alert🚨 Apache Vulnerability 🚨Alert🚨 Security Advisory: CVE-2024-40725 and CVE-2024-40898 🚨Alert🚨 CVE-2024-40725 Description: CVE-2024-40725 is a high-severity vulnerability found in Apache HTTP Server versions 2.4.0 to 2.4.61. This vulnerability affects the mod_proxy module. When the ProxyPass directive is enabled and URL rewrite rules are configured, an attacke