AI Score
Confidence
Low
EPSS
Percentile
20.2%
SSVC
Exploitation
none
Automatable
yes
Technical Impact
partial
SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF andΒ malicious requests or content
Users are recommended to upgrade to version 2.4.60 which fixes this issue.Β Note: Existing configurations that access UNC paths will have to configure new directive βUNCListβ to allow access during request processing.
[
{
"cpes": [
"cpe:2.3:a:apache_software_foundation:apache_http_server:*:*:*:*:*:*:*:*"
],
"vendor": "apache_software_foundation",
"product": "apache_http_server",
"versions": [
{
"status": "affected",
"version": "0",
"lessThan": "2.4.60",
"versionType": "custom"
}
],
"defaultStatus": "unknown"
}
]