CVE-2024-40898
Public on 2024-07-18
Modified on 2024-07-19
Description
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue.
Amazon Linux is not affected, CVE specifics to the Wiindows operating system
Amazon Linux is not affected, CVE specifics to the Wiindows operating system
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | httpd | No Fix Planned | ||
| Amazon Linux 2 - Core | httpd | Not Affected | ||
| Amazon Linux 2023 | httpd | Not Affected | ||
| Amazon Linux 1 | httpd24 | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | CVSSv3 | 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |