CVE-2024-38472
Published: 1 July 2024
SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.
Notes
| Author | Note |
|---|---|
| alexmurray | Only affects Apache HTTP Server on Windows so apache2 in Ubuntu is not affected. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
apache2 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(Windows only)
|
| focal |
Not vulnerable
(Windows only)
|
|
| jammy |
Not vulnerable
(Windows only)
|
|
| mantic |
Not vulnerable
(Windows only)
|
|
| noble |
Not vulnerable
(Windows only)
|
|
| trusty |
Not vulnerable
(Windows only)
|
|
| upstream |
Released
(2.4.60-1)
|
|
| xenial |
Not vulnerable
(Windows only)
|