CVE-2024-40898
Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits: 1
Exploited in Wild: -
Decision
Descriptions
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context potentially allows NTLM hashes to be leaked to a malicious server via SSRF and malicious requests.
Users are recommended to upgrade to version 2.4.62 which fixes this issue.
A flaw was found in HTTPd on Windows systems. This issue potentially allows NTLM hashes to be leaked via mod_rewrite in server/vhost context to a malicious server via Server-side request forgery (SSRF) and malicious requests or content.
CVSS Scores
SSVC
- Decision:Attend
Timeline
- 2024-07-12 CVE Reserved
- 2024-07-18 CVE Published
- 2024-07-19 First Exploit
- 2024-08-20 EPSS Updated
- 2024-09-13 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-918: Server-Side Request Forgery (SSRF)
CAPEC
References (4)
URL | Date | Source
---|---|---
https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898 | 2024-07-19 | Public exploit
https://httpd.apache.org/security/vulnerabilities_24.html | 2024-07-18 |
https://access.redhat.com/security/cve/CVE-2024-40898 | 2024-09-24 |
https://bugzilla.redhat.com/show_bug.cgi?id=2298648 | 2024-09-24 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Apache Software Foundation | Apache HTTP Server | >= 2.4.0 <= 2.4.61 | Affected