SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content
Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.
References
Link | Resource |
---|---|
https://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory |
http://www.openwall.com/lists/oss-security/2024/07/01/5 | Mailing List |
https://httpd.apache.org/security/vulnerabilities_24.html | Vendor Advisory |
https://security.netapp.com/advisory/ntap-20240712-0001/ | Third Party Advisory |
Configurations
History
01 Jul 2025, 20:24
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:netapp:ontap:9:*:*:*:*:*:*:* cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:* |
|
First Time |
Netapp
Apache Apache http Server Netapp ontap |
|
References | () https://httpd.apache.org/security/vulnerabilities_24.html - Vendor Advisory | |
References | () http://www.openwall.com/lists/oss-security/2024/07/01/5 - Mailing List | |
References | () https://security.netapp.com/advisory/ntap-20240712-0001/ - Third Party Advisory |
21 Nov 2024, 09:26
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
References | () https://httpd.apache.org/security/vulnerabilities_24.html - |
18 Nov 2024, 09:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
Summary | (en) SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing. |
12 Jul 2024, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Jul 2024, 16:22
Type | Values Removed | Values Added |
---|---|---|
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
02 Jul 2024, 12:09
Type | Values Removed | Values Added |
---|---|---|
Summary |
|
01 Jul 2024, 19:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-07-01 19:15
Updated : 2025-07-01 20:24
NVD link : CVE-2024-38472
Mitre link : CVE-2024-38472
CVE.ORG link : CVE-2024-38472
JSON object : View
Products Affected
netapp
- ontap
apache
- http_server
CWE
CWE-918
Server-Side Request Forgery (SSRF)