CVE-2024-43394

{"id": "CVE-2024-43394", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2025-07-10T17:15:46.133", "references": [{"url": "https://httpd.apache.org/security/vulnerabilities_24.html", "tags": ["Vendor Advisory"], "source": "[email protected]"}, {"url": "http://www.openwall.com/lists/oss-security/2025/07/10/2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2025/07/10/5", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/08/msg00009.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-918"}]}], "descriptions": [{"lang": "en", "value": "Server-Side Request Forgery (SSRF)\u00a0in Apache HTTP Server on Windows allows to potentially leak NTLM hashes to a malicious server via\u00a0\nmod_rewrite or apache expressions that pass unvalidated request input.\n\nThis issue affects Apache HTTP Server: from 2.4.0 through 2.4.63.\n\nNote: \u00a0The Apache HTTP Server Project will be setting a higher bar for accepting vulnerability reports regarding SSRF via UNC paths. \n\nThe server offers limited protection against administrators directing the server to open UNC paths.\nWindows servers should limit the hosts they will connect over via SMB based on the nature of NTLM authentication."}, {"lang": "es", "value": "Server-Side Request Forgery (SSRF) en Apache HTTP Server en Windows permite filtrar hashes NTLM a un servidor malicioso mediante mod_rewrite o expresiones de Apache que pasan una entrada de solicitud no validada. Este problema afecta al servidor HTTP Apache desde la versi\u00f3n 2.4.0 hasta la 2.4.63. Nota: El proyecto del servidor HTTP Apache establecer\u00e1 un est\u00e1ndar m\u00e1s estricto para la aceptaci\u00f3n de informes de vulnerabilidad relacionados con SSRF mediante rutas UNC. El servidor ofrece protecci\u00f3n limitada contra administradores que le indiquen que abra rutas UNC. Los servidores Windows deben limitar los hosts a los que se conectan mediante SMB seg\u00fan la naturaleza de la autenticaci\u00f3n NTLM."}], "lastModified": "2025-11-04T22:16:03.600", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:apache:http_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C552FA45-1E0F-4F3A-BB99-8E4604C82820", "versionEndExcluding": "2.4.64", "versionStartIncluding": "2.4.0"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "[email protected]"}