Описание
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.
Users are recommended to upgrade to version 2.4.62 which fixes this issue.
A flaw was found in HTTPd on Windows systems. This issue potentially allows NTLM hashes to be leaked via mod_rewrite in server/vhost context to a malicious server via Server-side request forgery (SSRF) and malicious requests or content.
Отчет
This flaw only affects HTTPd running on Windows systems. Therefore, the HTTPd package as shipped in Red Hat Enterprise Linux 6, 7, 8 and 9 is not affected by this vulnerability.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | httpd | Not affected | ||
| Red Hat Enterprise Linux 6 | httpd | Not affected | ||
| Red Hat Enterprise Linux 7 | httpd | Not affected | ||
| Red Hat Enterprise Linux 8 | httpd:2.4/httpd | Not affected | ||
| Red Hat Enterprise Linux 9 | httpd | Not affected | ||
| Red Hat JBoss Core Services | jbcs-httpd24-httpd | Affected | ||
| Text-Only JBCS | httpd | Fixed | RHSA-2024:6928 | 24.09.2024 |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue.
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue.
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost ...
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue.
EPSS
7.5 High
CVSS3