Internet Bug Bounty: important: Apache HTTP Server on WIndows UNC SSRF (CVE-2024-38472)

2024-07-0307:02:15

orange

hackerone.com

$4920

bug bounty

apache http server

ssrf

ntml hashes

windows

security vulnerability

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

Low

EPSS

0.001

Percentile

20.2%

JSON

I reported this vulnerability through the official Apache HTTP Server security email on April 1, 2024, and received a fix along with a CVE number on July 1, 2024. You can check detailed information from there:
> https://httpd.apache.org/security/vulnerabilities_24.html

Impact

SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content

Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive “UNCList” to allow access during request processing.