CVE-2024-40898
- Source
- https://cve.org/CVERecord?id=CVE-2024-40898
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-40898.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-40898
- Aliases
- Downstream
- Related
- Published
- 2024-07-18T10:15:03.217Z
- Modified
- 2026-04-02T12:17:18.616815Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
SSRF in Apache HTTP Server on Windows with mod_rewrite in server/vhost context, allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests.
Users are recommended to upgrade to version 2.4.62 which fixes this issue.
- References
Affected packages
Git / github.com/apache/httpd
Affected versions
1.*
1.2.0
1.2.1
1.2.2
1.3.0
1.3.1
1.3.10
1.3.11
1.3.12
1.3.13
1.3.14
1.3.2
1.3.3
1.3.4
1.3.5
1.3.6
1.3.7
1.3.8
1.3.9
2.*
2.0.1
2.0.10
2.0.11
2.0.12
2.0.13
2.0.14
2.0.15
2.0.16
2.0.17
2.0.18
2.0.19
2.0.2
2.0.20
2.0.21
2.0.22
2.0.23
2.0.24
2.0.25
2.0.26
2.0.27
2.0.28
2.0.29
2.0.3
2.0.30
2.0.31
2.0.32
2.0.33
2.0.34
2.0.35
2.0.36
2.0.37
2.0.38
2.0.39
2.0.4
2.0.40
2.0.41
2.0.42
2.0.43
2.0.44
2.0.45
2.0.46
2.0.47
2.0.48
2.0.49
2.0.5
2.0.50
2.0.51
2.0.52
2.0.53
2.0.54
2.0.55
2.0.56
2.0.57
2.0.58
2.0.59
2.0.6
2.0.60
2.0.61
2.0.62
2.0.63
2.0.64
2.0.65
2.0.7
2.0.8
2.0.9
2.1.1
2.1.10
2.1.2
2.1.3
2.1.4
2.1.5
2.1.6
2.1.7
2.1.8
2.1.9
2.2.0
2.2.1
2.2.10
2.2.11
2.2.12
2.2.13
2.2.14
2.2.15
2.2.16
2.2.17
2.2.18
2.2.19
2.2.2
2.2.20
2.2.21
2.2.22
2.2.23
2.2.24
2.2.25
2.2.26
2.2.27
2.2.28
2.2.29
2.2.3
2.2.30
2.2.31
2.2.32
2.2.33
2.2.34
2.2.4
2.2.5
2.2.6
2.2.7
2.2.8
2.2.9
2.3.0
2.3.1
2.3.10
2.3.11
2.3.12
2.3.13
2.3.14
2.3.15
2.3.16
2.3.2
2.3.3
2.3.4
2.3.5
2.3.6
2.3.7
2.3.8
2.3.9
2.4.0
2.4.1
2.4.10
2.4.11
2.4.12
2.4.13
2.4.14
2.4.15
2.4.16
2.4.17
2.4.18
2.4.19
2.4.2
2.4.20
2.4.21
2.4.22
2.4.23
2.4.24
2.4.25
2.4.26
2.4.27
2.4.28
2.4.29
2.4.3
2.4.30
2.4.31
2.4.32
2.4.33
2.4.34
2.4.35
2.4.36
2.4.37
2.4.38
2.4.39
2.4.4
2.4.40
2.4.41
2.4.42
2.4.43
2.4.44
2.4.45
2.4.46
2.4.47
2.4.48
2.4.49
2.4.5
2.4.50
2.4.51
2.4.52
2.4.53
2.4.53-rc1-candidate
2.4.53-rc2-candidate
2.4.54
2.4.54-rc1-candidate
2.4.54-rc2-candidate
2.4.54-rc3-candidate
2.4.55
2.4.55-rc1-candidate
2.4.56
2.4.56-candidate
2.4.56-rc1-candidate
2.4.57
2.4.57-rc1-candidate
2.4.58
2.4.58-rc1-candidate
2.4.58-rc2-candidate
2.4.58-rc3-candidate
2.4.59
2.4.59-rc1-candidate
2.4.6
2.4.60
2.4.60-rc1-candidate
2.4.60-rc2-candidate
2.4.60-rc3-candidate
2.4.60-rc4-candidate
2.4.61
2.4.61-rc1-candidate
2.4.62-rc1-candidate
2.4.63
2.4.63-candidate
2.4.64
2.4.64-rc1-candidate
2.4.64-rc2-candidate
2.4.65
2.4.65-rc1-candidate
2.4.65-rc2-candidate
2.4.65-rc3-candidate
2.4.66
2.4.66-rc1-candidate
2.4.7
2.4.8
2.4.9
2.5.0-alpha
2.5.0-alpha2-ci-test-only
Other
AGB_BEFORE_AAA_CHANGES
APACHE_1_2b1
APACHE_1_2b10
APACHE_1_2b11
APACHE_1_2b2
APACHE_1_2b3
APACHE_1_2b4
APACHE_1_2b5
APACHE_1_2b6
APACHE_1_2b7
APACHE_1_2b8
APACHE_1_2b9
APACHE_1_3_PRE_NT
APACHE_1_3a1
APACHE_1_3b1
APACHE_1_3b2
APACHE_1_3b3
APACHE_1_3b5
APACHE_1_3b6
APACHE_1_3b7
APACHE_2_0_2001_02_09
APACHE_2_0_52_WROWE_RC1
APACHE_2_0_ALPHA
APACHE_2_0_ALPHA_2
APACHE_2_0_ALPHA_3
APACHE_2_0_ALPHA_4
APACHE_2_0_ALPHA_5
APACHE_2_0_ALPHA_6
APACHE_2_0_ALPHA_7
APACHE_2_0_ALPHA_8
APACHE_2_0_ALPHA_9
APACHE_2_0_BETA_CANDIDATE_1
APACHE_BIG_SYMBOL_RENAME_POST
APACHE_BIG_SYMBOL_RENAME_PRE
CHANGES
HTTPD_LDAP_1_0_0
INITIAL
MOD_SSL_2_8_3
PCRE_3_9
POST_APR_SPLIT
PRE_APR_CHANGES
STRIKER_2_0_51_RC1
STRIKER_2_0_51_RC2
STRIKER_2_1_0_RC1
WROWE_2_0_43_PRE1
apache-1_3-merge-1-post
apache-1_3-merge-1-pre
apache-1_3-merge-2-post
apache-1_3-merge-2-pre
apache-apr-merge-3
apache-doc-split-01
dg_last_1_2_doc_merge
djg-apache-nspr-07
djg_nspr_split
moving_to_httpd_module
mpm-3
mpm-merge-1
mpm-merge-2
post_ajp_proxy
pre_ajp_proxy
candidate-2.*
candidate-2.4.49
candidate-2.4.49-rc1
candidate-2.4.50-rc1
candidate-2.4.51-rc1
candidate-2.4.52-rc1