CVE-2024-40898

CVE-2024-40898: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows

Vendor Apache Software Foundation

Product Apache HTTP Server

Weakness CWE-918 · SSRF

Published July 18, 2024

Last update September 13, 2024

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue.

Key dates

Disclosure timeline

July 18, 2024 CVE published

September 13, 2024 Record updated