CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38472

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.819

EPSS Ranking 99.1%

CVSS Severity

CVSS v3 Score 7.5

References

Products affected by CVE-2024-38472

Apache » Http Server » Version: 2.4.0

cpe:2.3:a:apache:http_server:2.4.0
Apache » Http Server » Version: 2.4.1

cpe:2.3:a:apache:http_server:2.4.1
Apache » Http Server » Version: 2.4.10

cpe:2.3:a:apache:http_server:2.4.10
Apache » Http Server » Version: 2.4.11

cpe:2.3:a:apache:http_server:2.4.11
Apache » Http Server » Version: 2.4.12

cpe:2.3:a:apache:http_server:2.4.12
Apache » Http Server » Version: 2.4.13

cpe:2.3:a:apache:http_server:2.4.13
Apache » Http Server » Version: 2.4.14

cpe:2.3:a:apache:http_server:2.4.14
Apache » Http Server » Version: 2.4.15

cpe:2.3:a:apache:http_server:2.4.15
Apache » Http Server » Version: 2.4.16

cpe:2.3:a:apache:http_server:2.4.16
Apache » Http Server » Version: 2.4.17

cpe:2.3:a:apache:http_server:2.4.17
Apache » Http Server » Version: 2.4.18

cpe:2.3:a:apache:http_server:2.4.18
Apache » Http Server » Version: 2.4.19

cpe:2.3:a:apache:http_server:2.4.19
Apache » Http Server » Version: 2.4.2

cpe:2.3:a:apache:http_server:2.4.2
Apache » Http Server » Version: 2.4.20

cpe:2.3:a:apache:http_server:2.4.20
Apache » Http Server » Version: 2.4.21

cpe:2.3:a:apache:http_server:2.4.21
Apache » Http Server » Version: 2.4.22

cpe:2.3:a:apache:http_server:2.4.22
Apache » Http Server » Version: 2.4.23

cpe:2.3:a:apache:http_server:2.4.23
Apache » Http Server » Version: 2.4.24

cpe:2.3:a:apache:http_server:2.4.24
Apache » Http Server » Version: 2.4.25

cpe:2.3:a:apache:http_server:2.4.25
Apache » Http Server » Version: 2.4.26

cpe:2.3:a:apache:http_server:2.4.26
Apache » Http Server » Version: 2.4.27

cpe:2.3:a:apache:http_server:2.4.27
Apache » Http Server » Version: 2.4.28

cpe:2.3:a:apache:http_server:2.4.28
Apache » Http Server » Version: 2.4.29

cpe:2.3:a:apache:http_server:2.4.29
Apache » Http Server » Version: 2.4.3

cpe:2.3:a:apache:http_server:2.4.3
Apache » Http Server » Version: 2.4.30

cpe:2.3:a:apache:http_server:2.4.30
Apache » Http Server » Version: 2.4.31

cpe:2.3:a:apache:http_server:2.4.31
Apache » Http Server » Version: 2.4.32

cpe:2.3:a:apache:http_server:2.4.32
Apache » Http Server » Version: 2.4.33

cpe:2.3:a:apache:http_server:2.4.33
Apache » Http Server » Version: 2.4.34

cpe:2.3:a:apache:http_server:2.4.34
Apache » Http Server » Version: 2.4.35

cpe:2.3:a:apache:http_server:2.4.35
Apache » Http Server » Version: 2.4.36

cpe:2.3:a:apache:http_server:2.4.36
Apache » Http Server » Version: 2.4.37

cpe:2.3:a:apache:http_server:2.4.37
Apache » Http Server » Version: 2.4.38

cpe:2.3:a:apache:http_server:2.4.38
Apache » Http Server » Version: 2.4.39

cpe:2.3:a:apache:http_server:2.4.39
Apache » Http Server » Version: 2.4.4

cpe:2.3:a:apache:http_server:2.4.4
Apache » Http Server » Version: 2.4.40

cpe:2.3:a:apache:http_server:2.4.40
Apache » Http Server » Version: 2.4.41

cpe:2.3:a:apache:http_server:2.4.41
Apache » Http Server » Version: 2.4.42

cpe:2.3:a:apache:http_server:2.4.42
Apache » Http Server » Version: 2.4.43

cpe:2.3:a:apache:http_server:2.4.43
Apache » Http Server » Version: 2.4.44

cpe:2.3:a:apache:http_server:2.4.44
Apache » Http Server » Version: 2.4.45

cpe:2.3:a:apache:http_server:2.4.45
Apache » Http Server » Version: 2.4.46

cpe:2.3:a:apache:http_server:2.4.46
Apache » Http Server » Version: 2.4.47

cpe:2.3:a:apache:http_server:2.4.47
Apache » Http Server » Version: 2.4.48

cpe:2.3:a:apache:http_server:2.4.48
Apache » Http Server » Version: 2.4.49

cpe:2.3:a:apache:http_server:2.4.49
Apache » Http Server » Version: 2.4.5

cpe:2.3:a:apache:http_server:2.4.5
Apache » Http Server » Version: 2.4.50

cpe:2.3:a:apache:http_server:2.4.50
Apache » Http Server » Version: 2.4.51

cpe:2.3:a:apache:http_server:2.4.51
Apache » Http Server » Version: 2.4.52

cpe:2.3:a:apache:http_server:2.4.52
Apache » Http Server » Version: 2.4.53

cpe:2.3:a:apache:http_server:2.4.53
Apache » Http Server » Version: 2.4.54

cpe:2.3:a:apache:http_server:2.4.54
Apache » Http Server » Version: 2.4.55

cpe:2.3:a:apache:http_server:2.4.55
Apache » Http Server » Version: 2.4.56

cpe:2.3:a:apache:http_server:2.4.56
Apache » Http Server » Version: 2.4.57

cpe:2.3:a:apache:http_server:2.4.57
Apache » Http Server » Version: 2.4.58

cpe:2.3:a:apache:http_server:2.4.58
Apache » Http Server » Version: 2.4.59

cpe:2.3:a:apache:http_server:2.4.59
Apache » Http Server » Version: 2.4.6

cpe:2.3:a:apache:http_server:2.4.6
Apache » Http Server » Version: 2.4.7

cpe:2.3:a:apache:http_server:2.4.7
Apache » Http Server » Version: 2.4.8

cpe:2.3:a:apache:http_server:2.4.8
Apache » Http Server » Version: 2.4.9

cpe:2.3:a:apache:http_server:2.4.9
Netapp » Ontap » Version: 9

cpe:2.3:a:netapp:ontap:9

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2024-38472

Products

Pricing

Contact Us