Filtered by vendor Apache Software Foundation Subscriptions
Filtered by product Apache Http Server Subscriptions
Total 1 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2024-38472 2 Apache Software Foundation, Redhat 2 Apache Http Server, Jboss Core Services 2024-11-21 7.5 High
SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue.  Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.