Описание
Server-Side Request Forgery (SSRF) vulnerability
in Apache HTTP Server on Windows
with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content
Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Ссылки
- Vendor Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
EPSS
7.5 High
CVSS3
Дефекты
Связанные уязвимости
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Serv ...
Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Уязвимость веб-сервера Apache HTTP Server, связанная с недостаточной проверкой запросов на стороне сервера, позволяющая нарушителю получить доступ к NTLM-хэшам
EPSS
7.5 High
CVSS3