Vulnerability CVE-2024-38472: Information

Description

SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue.  Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.

Published: July 1, 2024
Modified: July 12, 2024

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
apache2sisyphus2.4.61-alt12.4.61-alt1ALT-PU-2024-9736-1352421Fixed
apache2sisyphus_riscv642.4.61-alt12.4.61-alt1ALT-PU-2024-9756-1-Fixed
apache2sisyphus_loongarch642.4.61-alt12.4.61-alt1ALT-PU-2024-9761-1-Fixed
apache2p112.4.61-alt12.4.59-alt1ALT-PU-2024-9738-1352426Testing

References to Advisories, Solutions, and Tools