CVE-2024-38472

Опубликовано: 01 июл. 2024

Источник: ubuntu

Приоритет: medium

EPSS Критический

CVSS3: 7.5

Описание

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.

Релиз	Статус	Примечание
devel	not-affected	Windows only
esm-infra-legacy/trusty	not-affected	Windows only
esm-infra/bionic	not-affected	Windows only
esm-infra/focal	not-affected	Windows only
esm-infra/xenial	not-affected	Windows only
focal	not-affected	Windows only
jammy	not-affected	Windows only
mantic	not-affected	Windows only
noble	not-affected	Windows only
trusty/esm	not-affected	Windows only

Показывать по

Ссылки на источники

EPSS

Процентиль: 100%

0.90939

Критический

7.5 High

CVSS3

Связанные уязвимости

CVE-2024-38472

CVSS3: 7.5

redhat

около 1 года назад

CVE-2024-38472

CVSS3: 7.5

nvd

около 1 года назад

CVE-2024-38472

CVSS3: 7.5

msrc

9 месяцев назад

Описание отсутствует

CVE-2024-38472

CVSS3: 7.5

debian

около 1 года назад

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM ...

GHSA-fjcc-r94c-wxr8

CVSS3: 7.5

github

около 1 года назад

SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.

EPSS

Процентиль: 100%

0.90939

Критический

7.5 High

CVSS3

CVE-2024-38472

Описание

Пакет apache2

Ссылки на источники

Связанные уязвимости