Overview
About vulnerability
Server-Side Request Forgery (SSRF) vulnerability
in Apache HTTP Server on Windows
with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content
Users are recommended to upgrade to version 2.4.66, which fixes the issue.
Details
- Affected product:
- AlmaLinux 9.2 ESU , CentOS 7 ELS , Oracle Linux 7 ELS , RHEL 7 ELS , TuxCare 9.6 ESU
- Affected packages:
- httpd @ 2.4.62 (+4 more)
Server-Side Request Forgery (SSRF) vulnerability
in Apache HTTP Server on Windows
with AllowEncodedSlashes On and MergeSlashes Off allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content
Users are recommended to upgrade to version 2.4.66, which fixes the issue.