CVE-2024-40898
Public on 2024-07-18
Modified on 2024-07-19
Description
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests. Users are recommended to upgrade to version 2.4.62 which fixes this issue.
HAQM Linux is not affected, CVE specifics to the Wiindows operating system
HAQM Linux is not affected, CVE specifics to the Wiindows operating system
Severity
Medium
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| HAQM Linux 1 | httpd | No Fix Planned | ||
| HAQM Linux 2 - Core | httpd | Not Affected | ||
| HAQM Linux 2023 | httpd | Not Affected | ||
| HAQM Linux 1 | httpd24 | No Fix Planned |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| HAQM Linux | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N |
| NVD | CVSSv3 | 9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |