What is CVE-2024-38472?

CVE-2024-38472 is a vulnerability in Apache Software Foundation Http Server, classified under Server-Side Request Forgery (SSRF). Published 2024-07-01.

Is CVE-2024-38472 known to be exploited?

13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

SSRF in Apache Software Foundation Http Server

CVE-2024-38472

SSRF in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue. Note: Existing confi…

Vulnerability class: SSRF (Server-Side Request Forgery)

EPSS: 0.906 (99.6th percentile) — read the EPSS interpretation.

Affected products

Apache Software Foundation Http Server — versions 2.4.0

Weakness classification (CWE)

CWE-918 — Server-Side Request Forgery (SSRF)

Public proof-of-concept exploits

References

httpd.apache.org/security/vulnerabilities_24.html (vendor-advisory)

Frequently asked questions

What is CVE-2024-38472?: CVE-2024-38472 is a vulnerability in Apache Software Foundation Http Server, classified under Server-Side Request Forgery (SSRF). Published 2024-07-01.
Is CVE-2024-38472 known to be exploited?: 13 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.