Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2025-59775

Опубликовано: 05 дек. 2025
Источник: ubuntu
Приоритет: medium
CVSS3: 7.5

Описание

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off  allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.

РелизСтатусПримечание
devel

not-affected

windows only
esm-infra-legacy/trusty

not-affected

windows only
esm-infra/bionic

not-affected

windows only
esm-infra/focal

not-affected

windows only
esm-infra/xenial

not-affected

windows only
jammy

not-affected

windows only
noble

not-affected

windows only
plucky

not-affected

windows only
questing

not-affected

windows only
upstream

not-affected

debian: Only affects Apache on Windows

Показывать по

Ссылки на источники

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-59775

CVSS3: 7.5
nvd
2 месяца назад

Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off  allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.

msrc логотип

CVE-2025-59775

msrc
около 2 месяцев назад

Apache HTTP Server: NTLM Leakage on Windows through UNC SSRF

debian логотип

CVE-2025-59775

CVSS3: 7.5
debian
2 месяца назад

Server-Side Request Forgery (SSRF) vulnerability in Apache HTTP Serv ...

github логотип

GHSA-7w72-74p3-5cfq

CVSS3: 7.5
github
2 месяца назад

Server-Side Request Forgery (SSRF) vulnerability  in Apache HTTP Server on Windows with AllowEncodedSlashes On and MergeSlashes Off  allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.66, which fixes the issue.

fstec логотип

BDU:2025-15293

CVSS3: 7.5
fstec
5 месяцев назад

Уязвимость веб-сервера Apache HTTP Server, связанная с недостаточной проверкой запросов на стороне сервера, позволяющая нарушителю получить доступ к NTLM-хэшам

7.5 High

CVSS3