Filtered by vendor Apache Software Foundation
Subscriptions
Filtered by product Apache Http Server
Subscriptions
Total
1 CVE
CVE | Vendors | Products | Updated | CVSS v3.1 |
---|---|---|---|---|
CVE-2024-38472 | 2 Apache Software Foundation, Redhat | 2 Apache Http Server, Jboss Core Services | 2024-11-21 | 7.5 High |
SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing. |
Page 1 of 1.