CVE-2024-38472
Published: 1 July 2024
SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.
Notes
Author | Note |
---|---|
alexmurray | Only affects Apache HTTP Server on Windows so apache2 in Ubuntu is not affected. |
Priority
Status
Package | Release | Status |
---|---|---|
apache2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(Windows only)
|
focal |
Not vulnerable
(Windows only)
|
|
jammy |
Not vulnerable
(Windows only)
|
|
mantic |
Not vulnerable
(Windows only)
|
|
noble |
Not vulnerable
(Windows only)
|
|
trusty |
Not vulnerable
(Windows only)
|
|
upstream |
Released
(2.4.60-1)
|
|
xenial |
Not vulnerable
(Windows only)
|