important: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (CVE-2024-40898)

Disclosed: 2024-08-27 06:47:10 By xi4o7unj1e To ibb

High

Vulnerability Details

I reported this vulnerability through the official Apache HTTP Server security email on 2024-07-12, and received a CVE number on 2024-07-17. You can check detailed information from here: https://httpd.apache.org/security/vulnerabilities_24.html ## Impact SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests.

Actions

View on HackerOne

Report Stats

Report ID: 2612028
State: Closed
Substate: resolved
Upvotes: 14

important: Apache HTTP Server: SSRF with mod_rewrite in server/vhost context on Windows (CVE-2024-40898)

Vulnerability Details

Actions

Report Stats

Share this report