Updated: 2025-02-06 17:20:23.874901
Description:
SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.
| Links | NIST | CIRCL | RHEL | Ubuntu |
| Severity | Score | |
|---|---|---|
| CVSS Version 2.x | NONE | 0 |
| CVSS Version 3.x | HIGH | 7.5 |
| OS name | Project name | Version | Score | Severity | Status | Errata | Last updated | Statement |
|---|---|---|---|---|---|---|---|---|
| CentOS 7 ELS | httpd | 2.4.6 | 7.5 | HIGH | Not Vulnerable | 2025-02-09 00:26:13 | not vulnerable | |
| CloudLinux 7 ELS | httpd | 2.4.6 | 7.5 | HIGH | Not Vulnerable | 2025-02-07 22:52:45 | ||
| Oracle Linux 7 ELS | httpd | 2.4.6 | 7.5 | HIGH | Not Vulnerable | 2025-02-08 22:48:54 |